
Pests of all kinds and how to combat them: After a bluescreen, desktop almost empty and SQL Server not reachable

Windows 7

 
25.07.2013, 16:53   #5
LamerBurnDE
 

OK, I had only posted because of the question whether there were any messages in Avira.

Here is the log from the full scan:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Pink-Fiction :: PINK-FICTION-PC [Administrator]

24.07.2013 15:52:43
MBAM-log-2013-07-25 (16-34-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 658369
Laufzeit: 3 Stunde(n), 26 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Pink-Fiction\Downloads\~Asus Pro72v\chip adventskalender\Steganos Shredder 11.exe (Adware.Agent.ZGen) -> Keine Aktion durchgeführt.
C:\Windows.old\Program Files (x86)\Electronic Arts\Command & Conquer 4 Tiberian Twilight\CNC4.exe (Hacktool.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
Log from OTL Minimal Output & Extra Registry Safelist:


Code:
OTL logfile created on: 25.07.2013 16:52:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 50,98% Memory free
7,99 Gb Paging File | 5,69 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,35 Gb Total Space | 184,62 Gb Free Space | 31,59% Space Free | Partition Type: NTFS
Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,46 Gb Total Space | 7,45 Gb Free Space | 99,87% Space Free | Partition Type: FAT32
Drive M: | 14,92 Gb Total Space | 2,74 Gb Free Space | 18,38% Space Free | Partition Type: FAT32
 
Computer Name: PINK-FICTION-PC | User Name: Pink-Fiction | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe ()
SRV:64bit: - (Belkin Home Base Control Center Service) -- C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe ()
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (nuvotonhidgeneric) -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SUMMACUTamd) -- C:\Windows\SysNative\drivers\AMDx64CUT.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Par1284) -- C:\Program Files (x86)\FlexiSIGN-PRO 8.1v1\Program\Par1284.sys (Warp Nine Engineering)
DRV - (NSNDIS5) -- C:\Windows\SysWOW64\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 58 C2 02 72 88 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.29 22:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 17:02:00 | 000,000,000 | ---D | M]
 
[2013.07.03 17:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.03 17:01:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.07.03 17:01:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.07.03 17:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.07.03 17:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.03 17:02:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE474015-6078-4EB0-A580-4FFA83A91BF0}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bttray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\isuspm.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\paprport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdfdirect.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdfplus.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ppscandr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scannerwizardu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scrsetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\smkonv.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\startstarmoney.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bttray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\isuspm.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\paprport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pdfdirect.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pdfplus.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ppscandr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scannerwizardu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scrsetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\smkonv.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\startstarmoney.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3896c951-1b6a-11e0-9b2e-00262d688eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{3896c951-1b6a-11e0-9b2e-00262d688eb6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.24 15:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013.07.24 15:30:55 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Macromedia
[2013.07.24 15:29:30 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\WinMount
[2013.07.24 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Malwarebytes
[2013.07.24 15:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.24 15:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.24 15:05:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.24 15:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.24 15:01:52 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Local\Programs
[2013.07.22 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\TuneUp Software
[2013.07.22 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Avira
[2013.07.22 19:30:09 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Apple Computer
[2013.07.22 19:27:31 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Adobe
[2013.07.22 19:27:15 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.07.22 19:27:15 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Searches
[2013.07.22 19:27:15 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.07.22 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Identities
[2013.07.22 19:26:55 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Contacts
[2013.07.22 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Local\VirtualStore
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Vorlagen
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Local\Verlauf
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Local\Temporary Internet Files
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Startmenü
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\SendTo
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Recent
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Netzwerkumgebung
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Lokale Einstellungen
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Documents\Eigene Videos
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Documents\Eigene Musik
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Documents\Eigene Bilder
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Druckumgebung
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Cookies
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Local\Anwendungsdaten
[2013.07.22 19:21:08 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Anwendungsdaten
[2013.07.22 19:21:07 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Pink-Fiction-PC\Eigene Dateien
[2013.07.22 19:21:06 | 000,000,000 | --SD | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Microsoft
[2013.07.22 19:21:06 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.07.22 19:21:06 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Links
[2013.07.22 19:21:06 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Favorites
[2013.07.22 19:21:06 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Downloads
[2013.07.22 19:21:06 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Documents
[2013.07.22 19:21:06 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Desktop
[2013.07.22 19:21:06 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.07.22 19:21:06 | 000,000,000 | -H-D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData
[2013.07.22 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Local\Temp
[2013.07.22 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Local\Microsoft
[2013.07.22 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Media Center Programs
[2013.07.22 19:21:05 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Videos
[2013.07.22 19:21:05 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Saved Games
[2013.07.22 19:21:05 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Pictures
[2013.07.22 19:21:05 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Pink-Fiction-PC\Music
[2013.07.15 19:41:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.07.03 17:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.25 17:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.25 16:30:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.24 15:58:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013.07.24 15:57:30 | 000,793,536 | ---- | M] () -- C:\Users\TEMP.Pink-Fiction-PC\Desktop\ZipOpenerSetup.exe
[2013.07.24 15:12:14 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 15:12:14 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 15:06:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.24 15:02:30 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.24 15:02:30 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.24 15:02:30 | 000,153,706 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.24 15:02:30 | 000,124,084 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.24 15:02:25 | 001,646,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.22 18:55:58 | 000,309,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.22 18:33:52 | 3217,178,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.15 19:43:24 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.06.26 03:11:05 | 765,676,920 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.24 15:57:29 | 000,793,536 | ---- | C] () -- C:\Users\TEMP.Pink-Fiction-PC\Desktop\ZipOpenerSetup.exe
[2013.07.24 15:06:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.22 19:27:30 | 000,001,425 | ---- | C] () -- C:\Users\TEMP.Pink-Fiction-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.07.15 19:43:24 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.02.06 23:44:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.09.05 14:24:36 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D2D4B33E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B9FB94D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:01C66DD9

< End of report >
         


Code:
OTL Extras logfile created on: 25.07.2013 16:52:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 50,98% Memory free
7,99 Gb Paging File | 5,69 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,35 Gb Total Space | 184,62 Gb Free Space | 31,59% Space Free | Partition Type: NTFS
Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,46 Gb Total Space | 7,45 Gb Free Space | 99,87% Space Free | Partition Type: FAT32
Drive M: | 14,92 Gb Total Space | 2,74 Gb Free Space | 18,38% Space Free | Partition Type: FAT32
 
Computer Name: PINK-FICTION-PC | User Name: Pink-Fiction | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe" = C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe:*:Enabled:TheBat -- (Ritlabs S.R.L.)
"C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe" = C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe:*:Enabled:TheBat -- (Ritlabs S.R.L.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe" = C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe:*:Enabled:TheBat -- (Ritlabs S.R.L.)
"C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe" = C:\Users\Pink-Fiction\Documents\Email\App\TheBat\thebat.exe:*:Enabled:TheBat -- (Ritlabs S.R.L.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3AA595-E687-4DB7-8F6F-367A0E377768}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E5F814A-D7BE-4B11-98F1-2F7B51FDE094}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{284B7F3B-1D0E-47EB-9A41-F204D906A15D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{480EA68C-F98F-4B98-9657-33E4BBDE911D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{4F757781-B4BA-4389-9C10-FEF0BF89EB3F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{51805A56-2FBB-4603-8134-0D92115C7456}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5C52A778-64A2-40C0-86BB-A3A91D7274EC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6497DBDF-6D9D-4885-A86F-4B45325C5943}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6B42853C-F77A-4253-BB7F-4A32B27DC4CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C5D70CE-D66F-4E1F-A70C-F99C16408FAC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{90BDD585-B955-47D0-8523-047813819F51}" = lport=19540 | protocol=17 | dir=in | name=sxuptp | 
"{9499E026-51CD-4711-AD57-39EDFDF65B43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A58439F5-29FD-4372-AC76-7118F88AB572}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7EB573B-DF4A-416B-8984-61A06331DE95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACDD76F1-C02A-401F-955F-012B56844FAC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B1A3CB9F-8200-4381-B7A5-D0037CB53902}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C9D76FCB-05B4-4E4A-B8BA-F97BEA5F63FB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CCC88830-F159-4697-88B0-E5EF48A2E4F4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E5974EAB-7D6B-4BFF-B1B0-58ACB4F87FA6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E72C342F-1FD4-45AC-8035-147E826EB714}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EAF07C03-3E53-41DF-B60C-707439DA0772}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F17501ED-4339-44CA-B468-0FA81878C14D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5A906E2-E6E8-4873-A49D-98B2C4FBDDA2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097407B0-48F1-4F52-8AA8-0FB7DC0A7822}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe | 
"{0B058201-91C5-42F7-8BB5-DB6C3ED87DA9}" = protocol=6 | dir=out | app=system | 
"{0EB4BE35-A207-4084-ACF9-6AB76FA6FD02}" = protocol=6 | dir=in | app=c:\users\pink-fiction\documents\email\thebatportable.exe | 
"{12A4AAB8-5889-4AE0-834C-65344499F334}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1358DC84-1484-4BAD-A97C-EFC537DC916D}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{1BD10D5C-647B-42CD-9A03-C3AE79BF8B51}" = protocol=17 | dir=in | app=c:\program files\belkin\home base control center\connect.exe | 
"{22AC47A4-8251-493E-B79C-8483FAC64BC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{27AB214A-9457-4C5E-AF55-EF15245BD628}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FAEDA93-4C56-42C8-8F16-C904E365F526}" = protocol=17 | dir=in | app=m:\portableapps\teamviewer portable 8\teamviewer.exe | 
"{35F3E355-37D3-4EDD-B8AB-109C742DEB61}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36DB3D2D-F174-4452-B842-2FD097A3092F}" = protocol=6 | dir=in | app=c:\users\pink-fiction\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3E2802E6-AD8D-464A-BFA2-68C47B36E472}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{47442042-BD11-434A-A284-43FC290A5196}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{50644904-C0A6-4774-B031-A734053B6AEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5400CC96-7A75-448C-A4CA-0DC3E61C902C}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{6C61F1BA-A5F2-4311-9085-C97CC24E93F1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7491B711-39F0-4C91-8050-BC38C1774941}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{770A4904-32D8-484D-B318-A76E46EFB810}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{778003D7-45DE-46A9-90AE-A8C3FBBC527A}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{82C67B3D-265A-4D3E-AC9B-C2BA472E0E36}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{85B5D68A-CF62-42F8-8325-AECD167508CD}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{88471A29-45B6-445A-8FC2-DB394CB0688A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8968FB9D-1AC9-4214-A17B-8614F1E883EB}" = protocol=6 | dir=in | app=c:\program files\belkin\home base control center\connect.exe | 
"{8A4B8774-9183-4873-92B4-CF4929FCEE42}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{984B9A6C-7D46-4AF6-A8FD-07B2F5B3A338}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9A4C37B4-3238-4D75-9689-EA1D9642C548}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe | 
"{A0CA03CB-69D1-470E-80FD-25321BF00370}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6CE023C-AC28-4C16-A8EB-DDCDB53D86CF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{A884EC54-4C0D-4570-8AA1-2AFAAC267CE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B44E551A-6E89-4686-88BD-912491D8E90A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BC969AE1-BDD1-433A-ABDA-455EA1368476}" = protocol=17 | dir=in | app=c:\users\pink-fiction\documents\email\thebatportable.exe | 
"{BEB48B8A-BE15-4378-8C33-0BCE434D7F41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C43396C1-5E17-4B89-BE0E-A5F761DE7C2E}" = protocol=6 | dir=in | app=m:\portableapps\teamviewer portable 8\teamviewer.exe | 
"{DD9239C5-FD4C-4127-B6FD-6DA361D55EA9}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{E94CF5D4-1845-4DEC-971F-94BBD8553255}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECF6933E-5CDA-49EC-B741-4ADDB0A75241}" = protocol=17 | dir=in | app=c:\users\pink-fiction\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EE05A42E-0E4D-48DE-872B-FB5BB027406D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EE3A97DD-A425-4559-9C0C-47797FFE8FC5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F4B7B88F-FDCB-4447-8DE3-74C65148628E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F54306C5-7547-4B43-BF40-6142C1E5E8D9}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{F59A2DBB-1D2B-441E-9E5D-C0E130D7B300}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{F71E4EBA-C7B0-48A3-A757-D368D90AA34B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{FB33E418-BF0E-4696-AB26-840CF1394ECE}" = dir=in | app=c:\users\pink-fiction\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{033E2EA3-C8E2-40F6-9CEF-B3DA09DB9A60}F:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe" = protocol=6 | dir=in | app=f:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe | 
"TCP Query User{09E207E3-D4C5-4D16-8091-EB8DCB034D05}C:\program files\belkin\home base control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\home base control center\connect.exe | 
"TCP Query User{0F8FAA07-3E6E-4B0B-BACB-5957298F92E4}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{20D98851-E56B-4FAD-AFDC-1C551A315A0E}C:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe | 
"TCP Query User{3F2234EC-A973-4EAB-A1D8-A74FD8DE8A06}C:\users\pink-fiction\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\pink-fiction\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{420AB2B8-078F-4697-97A5-67D842650BA1}M:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe" = protocol=6 | dir=in | app=m:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe | 
"TCP Query User{57FDC522-F009-415D-87C4-483118031C57}M:\portableapps\mpc-homecinema1.6.5.6366.x64\mpc-hc64.exe" = protocol=6 | dir=in | app=m:\portableapps\mpc-homecinema1.6.5.6366.x64\mpc-hc64.exe | 
"TCP Query User{5B86C03D-8720-461E-A80A-31617BA4CC20}M:\portableapps\phonerlite\phonerliteportable.exe" = protocol=6 | dir=in | app=m:\portableapps\phonerlite\phonerliteportable.exe | 
"TCP Query User{5E21F44A-80F2-4304-8FA8-7EF20DC9E00A}E:\teamviewer\teamviewer.exe" = protocol=6 | dir=in | app=e:\teamviewer\teamviewer.exe | 
"TCP Query User{675DE394-DA8E-49CF-815A-E4C3CAD63B98}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{8CBD0FCD-E64B-4F3D-BEBC-A23307E5FEF8}M:\portableapps\teamviewer portable 8\teamviewer.exe" = protocol=6 | dir=in | app=m:\portableapps\teamviewer portable 8\teamviewer.exe | 
"TCP Query User{94BB4C4F-FE79-4D1E-A33D-C0F5D9009EE4}C:\program files (x86)\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wb games\f.e.a.r. 3\f.e.a.r. 3.exe | 
"TCP Query User{9A8D4488-5D6A-41F1-B614-F69DFD3061F1}M:\portableapps\winampportable\app\winamp\winamp.exe" = protocol=6 | dir=in | app=m:\portableapps\winampportable\app\winamp\winamp.exe | 
"TCP Query User{9D777A07-4E8F-4543-9CD3-73BC4D6239A3}C:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe | 
"TCP Query User{C897E611-F626-40C1-BA2D-A0BEB51D9602}M:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe" = protocol=6 | dir=in | app=m:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe | 
"TCP Query User{D4A5B6C2-C810-4D30-8799-290D0B4C6C01}M:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe" = protocol=6 | dir=in | app=m:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe | 
"UDP Query User{083C955A-FECF-4A15-AAA8-C47F724D5637}E:\teamviewer\teamviewer.exe" = protocol=17 | dir=in | app=e:\teamviewer\teamviewer.exe | 
"UDP Query User{10953EF6-D3B6-4BDA-9F8E-D6EA4FF705AA}F:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe" = protocol=17 | dir=in | app=f:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe | 
"UDP Query User{27DC60A9-0869-49B3-AD24-329F0D7B4F85}M:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe" = protocol=17 | dir=in | app=m:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe | 
"UDP Query User{4290DC1E-FD85-49E6-95B9-E6BF35EE0B59}M:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe" = protocol=17 | dir=in | app=m:\portableapps\portable_pidgin\pidgin\pidgin-portable.exe | 
"UDP Query User{55E36B54-DCF9-4FAD-8E88-07766BC9144A}M:\portableapps\teamviewer portable 8\teamviewer.exe" = protocol=17 | dir=in | app=m:\portableapps\teamviewer portable 8\teamviewer.exe | 
"UDP Query User{6AD42F22-501A-429E-A6B1-6E1FDE69164C}M:\portableapps\phonerlite\phonerliteportable.exe" = protocol=17 | dir=in | app=m:\portableapps\phonerlite\phonerliteportable.exe | 
"UDP Query User{80AFE046-1A67-41A2-8FBB-6A80D495E585}C:\program files (x86)\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wb games\f.e.a.r. 3\f.e.a.r. 3.exe | 
"UDP Query User{A337F4FE-4804-47E7-A93E-4AAD1232BFD5}C:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe | 
"UDP Query User{A9330361-615F-4933-ADBE-0CBDC7267272}M:\portableapps\mpc-homecinema1.6.5.6366.x64\mpc-hc64.exe" = protocol=17 | dir=in | app=m:\portableapps\mpc-homecinema1.6.5.6366.x64\mpc-hc64.exe | 
"UDP Query User{BE27E8FB-F11F-4BB2-B0CA-E82FF61CCDFC}C:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flexisign-pro 8.1v1\program\app2.exe | 
"UDP Query User{CBE9DDBD-642F-4579-92FA-B20ED15AC8E0}C:\program files\belkin\home base control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\home base control center\connect.exe | 
"UDP Query User{CD540359-0D1E-40F1-92F5-11F0CBB3C109}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{D6DA2233-BBC4-46F2-BEE9-0BE88942B9EE}M:\portableapps\winampportable\app\winamp\winamp.exe" = protocol=17 | dir=in | app=m:\portableapps\winampportable\app\winamp\winamp.exe | 
"UDP Query User{DD0F9E97-A63B-4BFB-98CE-D06B1C27EBA0}M:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe" = protocol=17 | dir=in | app=m:\portableapps\mpc-homecinema.1.3.1249.0.(x86)\mpc-hc.exe | 
"UDP Query User{E2C3BB86-63B5-4569-A41F-CD631001A514}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{E484CDA2-303B-4839-A4E7-142AF67DC8C7}C:\users\pink-fiction\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\pink-fiction\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{519918B9-24E9-4227-B927-9DD4F0FDBD0E}" = Microsoft SQL Server Native Client
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1" = Adobe Reader 64-bit fixes
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{D6FFBF8C-12C5-4336-AEE8-7DFF190001F8}" = Nuance PDF Viewer Plus
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DD6290F5-9620-4FF6-AF3F-454465782B1A}" = Microsoft SQL Server VSS Writer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"8C311725BA3A0EDA9F0D21CFB91577342C9A126B" = Windows Driver Package - Summa (SUMMADC3amd) USB  (01/01/2008 6.2.6000.0)
"9E1DF764E18FED60C42D40530C837502265D8D7F" = Windows Driver Package - Summa (SUMMACUTamd) USB  (11/11/2008 6.3.6000.3)
"Belkin Home Base Control Center" = Belkin Home Base Control Center
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{51D7533C-8D67-436E-B124-6DF90070FE5F}" = TT1281 Driver
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5F78DDF1-D5FF-4995-AD19-92C1294D4C41}" = Unified Remote
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{68D598A7-AB4B-4145-B22F-33DC5C8B1649}" = StarMoney 7.0 
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{6FE22909-D0D6-4111-ABCE-7F8D986C4A2A}" = Foxit PDF Preview Handler
"{7117B08F-C380-437D-B5E3-6BE872780D1F}" = DreamStripper Ultimate
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.4.0
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E0B33E1E-9C0C-49A9-83A1-292DB457B7AB}" = Nuance PaperPort 12
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"0630-0716-3135-7887" = JDownloader 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira Internet Security
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"ExtractNow_is1" = ExtractNow
"F.E.A.R. 3_is1" = F.E.A.R. 3
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"InstallUsbDrivers_is1" = InstallUsbDrivers 1.0
"JoJoThumb_is1" = JoJoThumb 2.11.2
"JTL-Wawi_is1" = JTL-Wawi
"LinuxLive USB Creator" = LinuxLive USB Creator
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"PSFtp Free_is1" = PSFtp Free
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"WinPcapInst" = WinPcap 4.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.03.2013 18:48:03 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.03.2013 08:08:35 | Computer Name = Pink-Fiction-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x6a0  Startzeit der fehlerhaften Anwendung: 0x01ce24d96b8112fa
Pfad
 der fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 0dad64ff-9220-11e2-95ef-00262d688eb6
 
Error - 21.03.2013 08:12:02 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.03.2013 09:36:25 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.03.2013 10:53:31 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.03.2013 12:36:25 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.03.2013 13:53:37 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.03.2013 14:01:04 | Computer Name = Pink-Fiction-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 NVIDIA Display Driver Service since QueryServiceConfig API failed  System Error: Das
 System kann die angegebene Datei nicht finden.  .
 
Error - 22.03.2013 11:54:25 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 22.03.2013 12:36:26 | Computer Name = Pink-Fiction-PC | Source = Google Update | ID = 20
Description = 
 
Error - 24.03.2013 09:23:07 | Computer Name = Pink-Fiction-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x19d0  Startzeit der fehlerhaften Anwendung: 0x01ce263daad86889
Pfad
 der fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f6a77c9d-9485-11e2-95ef-00262d688eb6
 
[ Media Center Events ]
Error - 28.03.2013 04:18:28 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 09:18:27 - Fehler beim Herstellen der Internetverbindung.  09:18:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2013 04:18:58 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 09:18:57 - Fehler beim Herstellen der Internetverbindung.  09:18:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2013 05:19:41 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 10:19:41 - Fehler beim Herstellen der Internetverbindung.  10:19:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2013 05:20:12 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 10:20:10 - Fehler beim Herstellen der Internetverbindung.  10:20:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.06.2013 02:45:53 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 08:45:53 - Fehler beim Herstellen der Internetverbindung.  08:45:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.06.2013 02:46:30 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 08:46:22 - Fehler beim Herstellen der Internetverbindung.  08:46:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.06.2013 03:47:26 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 09:47:26 - Fehler beim Herstellen der Internetverbindung.  09:47:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.06.2013 03:48:01 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 09:47:55 - Fehler beim Herstellen der Internetverbindung.  09:47:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2013 07:50:48 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 13:50:48 - Fehler beim Herstellen der Internetverbindung.  13:50:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2013 07:51:40 | Computer Name = Pink-Fiction-PC | Source = MCUpdate | ID = 0
Description = 13:51:18 - Fehler beim Herstellen der Internetverbindung.  13:51:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 22.07.2013 13:51:40 | Computer Name = Pink-Fiction-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 22.07.2013 13:51:40 | Computer Name = Pink-Fiction-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 22.07.2013 13:51:40 | Computer Name = Pink-Fiction-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 22.07.2013 13:51:40 | Computer Name = Pink-Fiction-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 22.07.2013 13:51:40 | Computer Name = Pink-Fiction-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 22.07.2013 13:51:40 | Computer Name = Pink-Fiction-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 22.07.2013 13:51:40 | Computer Name = Pink-Fiction-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 22.07.2013 20:01:11 | Computer Name = Pink-Fiction-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 24.07.2013 08:54:58 | Computer Name = Pink-Fiction-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "" können nicht gelesen werden.
 
Error - 24.07.2013 09:06:26 | Computer Name = Pink-Fiction-PC | Source = Microsoft-Windows-Eventlog | ID = 23
Description = Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=1) 
beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-WER-Diag/Operational"
 erkannt.
 
 
< End of report >
         


 
