adwcleaner: Code:
# AdwCleaner v2.101 - Datei am 23/12/2012 um 22:23:40 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ...- ...PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\...\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\ifbr1quo.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\...\AppData\LocalLow\boost_interprocess
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\ifbr1quo.default\prefs.js
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
*************************
AdwCleaner[R1].txt - [1177 octets] - [23/12/2012 21:33:23]
AdwCleaner[S1].txt - [2062 octets] - [10/09/2012 16:29:59]
AdwCleaner[S2].txt - [1124 octets] - [23/12/2012 22:23:40]
########## EOF - C:\AdwCleaner[S2].txt - [1184 octets] ##########
OTL: Code:
OTL logfile created on: 12/23/2012 10:29:38 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.92 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 60.50% Memory free
5.83 Gb Paging File | 4.56 Gb Available in Paging File | 78.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.00 Gb Total Space | 133.88 Gb Free Space | 56.02% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 38.85 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\SysWOW64\Rezip.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DgiVecp) -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{35A4B224-DFD8-448A-A829-1BECF3CB13DD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_deDE433
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{82ED5619-C4B5-4119-A765-C5FE2D05CF02}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{C303320A-8899-463C-871E-78B7C7758687}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BFEAD5F6-FFC2-440E-8006-5A9080C3CA54&apn_sauid=6D07B03E-7F64-4502-8C6B-70EEE8F9E836
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/23 15:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 11:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 19:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/10 19:35:40 | 000,000,000 | ---D | M]
[2012/09/10 20:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2012/12/05 23:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\ifbr1quo.default\extensions
[2012/09/18 15:23:46 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ifbr1quo.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012/09/10 19:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/12/23 20:32:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0A0EE2-169B-499B-8E48-FE34D7B9DA4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/23 20:40:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/23 20:36:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/23 19:42:17 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\...\Desktop\ComboFix.exe
[2012/12/23 15:19:16 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2012/12/23 14:47:27 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2012/12/22 16:22:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2012/12/21 13:26:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 13:26:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 13:26:18 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 13:26:16 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/19 18:10:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/12/19 18:08:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/19 18:08:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/19 18:08:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/19 18:08:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/19 18:08:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/19 18:08:34 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/19 18:08:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/19 18:08:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/19 18:08:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/19 18:08:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/19 18:08:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/19 18:08:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/19 18:08:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/19 18:08:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/19 18:08:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/19 18:08:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/19 18:08:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/19 18:08:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/19 18:08:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/19 18:08:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/19 18:08:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/19 18:08:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/19 18:08:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/19 18:08:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/19 18:08:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/19 18:08:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/19 18:08:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/19 18:08:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/19 18:08:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/19 18:08:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/19 18:08:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/19 18:08:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/19 18:08:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/19 18:07:44 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/19 18:07:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/19 18:07:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/19 18:07:43 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/19 18:07:42 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/19 18:07:40 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/19 18:07:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/19 18:07:37 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/19 18:07:37 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/05 11:09:44 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Neuer Ordner
[1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/12/23 22:33:21 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 22:33:21 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 22:25:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/23 22:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 22:24:28 | 3131,219,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 22:22:43 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/23 22:22:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/23 21:32:26 | 000,547,175 | ---- | M] () -- C:\Users\...\Desktop\adwcleaner.exe
[2012/12/23 20:32:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/23 19:42:58 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\...\Desktop\ComboFix.exe
[2012/12/23 15:26:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/23 15:19:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2012/12/23 14:48:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2012/12/22 16:25:24 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable
[2012/12/22 16:22:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2012/12/22 16:21:22 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe
[2012/12/22 12:52:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/22 12:52:16 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/22 12:52:16 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/22 12:52:16 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/22 12:52:16 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/22 12:45:34 | 496,873,033 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/22 12:14:35 | 004,976,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 14:16:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 14:16:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/12/23 21:32:21 | 000,547,175 | ---- | C] () -- C:\Users\...\Desktop\adwcleaner.exe
[2012/12/22 16:25:24 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable
[2012/12/22 16:21:21 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe
[2012/12/22 12:45:34 | 496,873,033 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/14 12:08:08 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012/09/12 11:23:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/12 11:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/12 11:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/12 11:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/12 11:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/05 17:47:54 | 000,000,600 | ---- | C] () -- C:\Users\...\AppData\Roaming\winscp.rnd
[2012/01/22 12:13:50 | 000,017,408 | ---- | C] () -- C:\Users\...\AppData\Local\WebpageIcons.db
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Extras: Code:
OTL Extras logfile created on: 12/23/2012 10:29:38 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.92 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 60.50% Memory free
5.83 Gb Paging File | 4.56 Gb Available in Paging File | 78.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.00 Gb Total Space | 133.88 Gb Free Space | 56.02% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 38.85 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02952D7A-436D-4884-AC9E-891A022195E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19262199-7D1B-4E05-8CBA-06E6901D8ABA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1D43C71C-3914-45C7-A6F7-6D63957BB5D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28ECA04F-D2F3-4E3C-8D93-AFC517890EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{305E79B0-C0BD-490D-9DEB-02302ECC23D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36169228-B2E4-40AA-BB70-F0DB0C79EDA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40AAF8E7-DC4B-4A79-BEF1-67349C6A5F5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4102061F-1109-4606-8278-EDE353A9FE98}" = lport=2869 | protocol=6 | dir=in | app=system |
"{43EEDD84-3F81-4982-8077-978FDF487F32}" = lport=138 | protocol=17 | dir=in | app=system |
"{468725CD-125A-4C48-9354-3F3537253A99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D37C66F-4980-466F-9AFA-E4141A88D485}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F10D64A-362A-483D-BBD9-6CC994675F12}" = lport=445 | protocol=6 | dir=in | app=system |
"{680AEC5C-B1EB-421C-9ED0-F5124F88A170}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C881F73-446A-4300-ABC1-99CBD59CA1A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{9088DCF9-17E9-45DA-8220-A1B89169B9E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{9522DEE4-2A93-40C3-8072-E3C8B31B8CA5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97B0BAAB-D419-4E7B-BBC5-513267364553}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A14D65C3-3404-4E36-B1C1-3DABA3DBEBE9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4F71C90-A0A1-4247-8D47-3832AC8452AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{AF9C1A2D-D935-4B69-BC5A-FD18E4066F83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BE02D507-5A01-4BDA-BB1D-A32D42AB87E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{D9E1247D-60B5-45E1-8007-4C01D988DB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E155EDE9-776F-44AC-9ADA-54499D82191B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7636CC4-FF0A-4FC1-A627-70569F5F2CFB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EAFB19D7-B8D9-4A61-BCFA-1B2DE31ACD51}" = lport=137 | protocol=17 | dir=in | app=system |
"{FC482FB4-67C5-44D1-AA86-BAA32E9263F8}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1576762C-E97A-4C3B-81E0-D022F86744B4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{17E622DC-34D5-400E-BA76-FDF1CC00ADD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A883AB7-E21C-42C1-BBA6-052C038511A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E798FB5-C538-4189-836F-0BA8A26E12B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28EE450B-52D0-40DA-9972-F7545CD4614C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{2EB4B6AE-E9D8-415C-ACFF-0F7227B5006F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5385519A-4EAA-48A2-9D5D-B9A18DCBA2D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63D8172E-C87E-45F7-A92A-DC3C9F254935}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6732CF41-6DB8-4BEE-9DC7-1B2B914A5872}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73A4E7A9-2DBE-4EEA-AA17-DA6ED7FEBBD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{798F8495-0E97-4318-8420-6D0ACE6F5D10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D6573C2-B6B7-4796-A529-BB3685F6A980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E3C5D28-5ED5-403A-8CFF-2989222184AF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{852554F1-D12B-4550-A18B-E856DB20640C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D4368A9-EE48-4C70-A4B3-1A0120AB29C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DD25F88-3F1F-48D6-B915-371676DF18A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E06D079-BD62-4EA5-B35C-543896733B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8FA87DD1-013B-4EB2-9986-8FF4B172D289}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{90F01D0D-4F8F-4729-96D0-B2B1DA340DFF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9174FBF7-8C64-436F-9AB0-BC13438DE1FC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9197C549-4530-49D0-AB3A-805B5343402C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9DAB19AA-2074-4306-B31B-A7E9D3905D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{A707831D-824E-47EB-BFC4-AEE257EEFB78}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{AF9FE5BA-184D-403D-A3D5-136C37A070AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9237FBC-0FDA-4DB2-961C-1E007859B05A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B9571C6D-2E83-4BA5-8985-DAFE9CE31AD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1097537-CB0D-47AE-A5A5-8154E095755E}" = protocol=6 | dir=out | app=system |
"{C57B7E4E-B8CE-451D-9F11-F509CA43304F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C956A1CD-69B2-4B18-8B12-B8D841C3A31E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C9735109-294D-492E-8556-59FF1BB02866}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA526859-B833-4161-A03E-AE25DEC56CC1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E4AA7772-4726-4933-8944-5D7FC51D58AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E84E240F-2B41-48BE-88A4-AFB2D2AE410C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EAFF4FED-39C0-4591-8C74-D84DCEA93DE1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F686B18A-0909-44E1-BFE7-772FC47BA8E1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F785A631-8D8B-4F3C-957B-A2336A2E0535}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2F254734-EDBD-4304-852F-A5AE101E38BC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{2F62D84D-2166-410B-B31B-0520EC4A8E81}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0B5E5FDA-A086-4DB1-A30A-FE55CE0F3BD8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{14426EF6-5722-4358-A66D-92509DD3492C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F82D3110-2996-B896-9ADC-394C18071095}" = ccc-utility64
"{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}" = ATI Catalyst Install Manager
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{058E7BC0-15C3-D5F6-FD8D-34E4B44E4F82}" = CCC Help Thai
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{071F3745-E389-4345-86DF-E80B55446FCE}" = FC Bayern München - NewsBox
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{085C9E07-E122-DECF-350D-5CB3594EC54D}" = Catalyst Control Center Graphics Previews Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{11A5DA06-82B8-B47C-B6A9-6BFA8008108C}" = CCC Help Dutch
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{283EFC5E-041A-4AC7-8824-2F33695EBC11}" = CCC Help Korean
"{2860cb46-199b-4226-a807-bd5c29652185}" = Nero 9
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D4E3A20-01D9-713F-2CD5-15FBD9312F28}" = CCC Help Chinese Traditional
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31CABF76-F113-30F6-1BF1-19CA660C72B4}" = CCC Help Finnish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{41DFDA2C-13E2-48C4-AB2F-F97A7A88A46F}" = Evangeliar Ottos III.
"{43609114-F9B7-48AA-BAAC-F320BB5E88DD}" = CCC Help Spanish
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4A87034C-621A-DAC1-D7C3-FB9102A453D4}" = CCC Help Japanese
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4FBB6BFD-774C-E86B-84E6-23C08FD76C0C}" = Catalyst Control Center Graphics Light
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6BCE77FA-82A3-E502-0956-AA9AE0E169D0}" = CCC Help English
"{6DA99C69-0799-467E-9496-F37E1E452A4A}" = SCR3xxx Smart Card Reader
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FDD286-2C51-17B5-22BC-DA769D237E1A}" = CCC Help Swedish
"{79B0F7B2-31BD-D377-CCA2-F647601283C0}" = CCC Help Polish
"{80059A57-F141-5556-7FA2-CD97EB8A05F9}" = CCC Help Danish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{983D01A7-FD14-5F70-9A46-3DBE1C0A3FFF}" = Catalyst Control Center InstallProxy
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C51C947-7E8D-3EEB-6087-276446E4914C}" = CCC Help Hungarian
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1FA9E3F-86F3-136A-84DA-809A40458243}" = CCC Help Russian
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7FB9C80-A61F-6BFE-7F93-C493AC3F9E91}" = CCC Help Turkish
"{B91B9BD2-C3D1-2632-26C9-170EB39CADAC}" = CCC Help Greek
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD8D4FE1-8E1D-2D41-ED33-3E2B64ED3AF3}" = CCC Help Chinese Standard
"{C28CE716-3F07-528A-6CC8-FDF2865BCAAF}" = ccc-core-static
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9F9C082-A19F-9672-4F78-CC93F363A07D}" = CCC Help Norwegian
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CEF185AA-392D-82EF-339B-F36547C0D9F8}" = Catalyst Control Center Core Implementation
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1886477-86CD-8365-CE96-42AD6F950ED0}" = CCC Help Italian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D1FAD629-67C3-B9D5-FD06-73A4EF76528A}" = CCC Help Portuguese
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D53D7F78-94AC-CE27-199E-5F509437C7E6}" = Catalyst Control Center Graphics Previews Vista
"{D55BE2BD-14D6-E8AA-A1C0-519C50E28EB2}" = Catalyst Control Center Graphics Full Existing
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E91CD838-0ED0-0BCD-ECAF-1A089F1A27E5}" = CCC Help Czech
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF1E3D76-6F52-3F63-6848-346ACD86096D}" = CCC Help German
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B13553-B3CA-76A9-182A-9E352F4EB749}" = Catalyst Control Center Graphics Full New
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6340C10-589F-7D1E-1819-2F8CF6247505}" = CCC Help French
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFE45CD9-4070-78E3-5794-8575B389336E}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{41DFDA2C-13E2-48C4-AB2F-F97A7A88A46F}" = Evangeliar Ottos III.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Samsung ML-1610 Series" = Samsung ML-1610 Series
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/15/2012 3:58:50 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 11/15/2012 4:00:29 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 11/23/2012 5:27:07 AM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11/23/2012 5:27:41 AM | Computer Name = ...-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 11/23/2012 5:29:07 AM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 11/28/2012 2:12:15 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11/28/2012 2:12:53 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 11/28/2012 3:39:31 PM | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857,
Zeitstempel: 0x4fcee2f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften
Prozesses: 0x11b8 Startzeit der fehlerhaften Anwendung: 0x01cdcd83786906c5 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 53da26b3-3993-11e2-aff1-001bb1d08b3f
Error - 11/28/2012 5:08:19 PM | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857,
Zeitstempel: 0x4fcee2f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften
Prozesses: 0x15cc Startzeit der fehlerhaften Anwendung: 0x01cdcda102d6eb91 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: bb6f2a30-399f-11e2-aff1-001bb1d08b3f
Error - 11/29/2012 5:41:26 AM | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857,
Zeitstempel: 0x4fcee2f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften
Prozesses: 0x14e4 Startzeit der fehlerhaften Anwendung: 0x01cdce158e0e131e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: f0f8b181-3a08-11e2-9a56-001bb1d08b3f
[ System Events ]
Error - 12/22/2012 3:28:00 PM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12/22/2012 3:28:01 PM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12/22/2012 3:28:01 PM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12/23/2012 11:21:12 AM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 12/23/2012 11:21:13 AM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 12/23/2012 11:21:14 AM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 12/23/2012 3:23:46 PM | Computer Name = ...-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 12/23/2012 3:31:27 PM | Computer Name = ...-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 12/23/2012 3:31:28 PM | Computer Name = ...-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 12/23/2012 3:32:28 PM | Computer Name = ...-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
Gruß |
