So, hier die Logs. Code:
a
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}
IE:64bit: - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}
IE - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
IE - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102875&gct=hp
IE - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001\..\SearchScopes,DefaultScope = {9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}
IE - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001\..\SearchScopes\{7DDF9DA1-0D95-4732-86C8-DCD60CED3B9E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=^6F&apn_dtid=^YYYYYY^YY^DE&apn_uid=bc672ee1-57c7-4af1-88e0-611b4ef5fcea&apn_sauid=1BA434A3-F1AF-45F3-BE89-FC21B927444B
IE - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: support%40free-hideip.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\malte brz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 11:02:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.15 10:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
[2013.01.08 23:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Extensions
[2013.03.21 17:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Firefox\Profiles\qgd1y4n3.default\extensions
[2013.01.20 18:41:28 | 000,004,548 | ---- | M] () (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\extensions\support@free-hideip.com.xpi
[2013.01.20 18:40:53 | 000,002,337 | ---- | M] () -- C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\searchplugins\askcom.xml
[2013.05.22 14:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 14:14:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.22 11:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions
[2013.05.22 11:07:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001..\Run: [Facebook Update] C:\Users\malte brz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001..\Run: [Free Hide IP] C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe (FreeHideIP.Com)
O4 - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001..\Run: [icq] C:\Users\malte brz\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2902786437-1967056483-2516386748-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\malte brz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58005BF4-5BE1-4695-A3C1-F09A055C2BED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.13 23:04:47 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell - "" = AutoRun
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\configure\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\install\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.13 09:27:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\malte brz\Desktop\OTL.exe
[2013.06.12 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Malwarebytes
[2013.06.12 15:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 15:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.12 15:08:04 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Programs
[2013.06.12 13:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.06.12 03:58:27 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Canon Easy-PhotoPrint EX
[2013.06.11 23:46:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.06.11 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\WildTangent
[2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Apple Computer
[2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple Computer
[2013.06.11 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.11 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple
[2013.06.11 16:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.06.11 16:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.06.10 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\Bluetooth Folder
[2013.05.23 10:59:11 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.23 10:59:11 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.22 14:24:26 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.05.22 14:24:24 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.05.22 14:24:23 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013.05.22 14:24:21 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.05.22 14:24:20 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.05.22 14:24:19 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.05.22 14:24:18 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.05.22 14:24:17 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.05.22 14:24:15 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.05.22 14:24:15 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013.05.22 14:24:10 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.05.22 14:24:08 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013.05.22 14:24:07 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013.05.22 14:24:06 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.05.22 14:24:05 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013.05.22 14:24:05 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.05.22 14:24:05 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013.05.22 14:24:04 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013.05.22 14:24:03 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.05.22 14:24:03 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.05.22 14:24:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.05.22 14:24:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013.05.22 14:24:02 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.22 14:24:02 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.05.22 14:24:02 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013.05.22 14:24:01 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013.05.22 14:24:01 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013.05.22 14:24:00 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.05.22 14:24:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.05.22 14:23:59 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.22 14:23:59 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.05.22 14:23:58 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.05.22 14:23:58 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.05.22 14:23:55 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.05.22 14:23:54 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013.05.22 14:23:54 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.05.22 14:23:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013.05.22 14:23:54 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013.05.22 14:23:53 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.05.22 14:23:53 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.05.22 14:23:53 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.05.22 14:23:53 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.05.22 14:23:53 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013.05.22 14:23:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.05.22 14:23:52 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013.05.22 14:23:52 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013.05.22 14:23:52 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013.05.22 14:23:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013.05.22 14:23:50 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013.05.22 14:23:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013.05.22 14:23:49 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.05.22 14:23:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.05.22 14:23:48 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.05.22 14:23:48 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013.05.22 14:23:48 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013.05.22 14:23:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.05.22 14:23:46 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.05.22 14:23:45 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013.05.22 14:23:45 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.05.22 14:23:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013.05.22 14:23:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013.05.22 14:23:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013.05.22 14:23:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013.05.22 14:23:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.05.22 14:23:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013.05.22 14:23:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013.05.22 14:22:25 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.22 14:22:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.22 14:22:15 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.05.22 14:22:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.22 14:22:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.22 14:22:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.22 14:21:50 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.05.22 14:18:35 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.22 14:18:35 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.22 14:18:09 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.05.22 14:18:08 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.05.16 10:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.05.16 10:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.16 10:14:56 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.16 10:14:56 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.16 10:14:56 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.16 10:14:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.16 10:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.16 10:09:13 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.05.16 10:09:13 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.05.16 10:03:16 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\samsung
========== Files - Modified Within 30 Days ==========
[2013.06.13 09:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\malte brz\Desktop\OTL.exe
[2013.06.13 09:25:52 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.13 09:25:52 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.13 09:25:52 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.13 09:25:52 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.13 09:25:52 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.13 09:20:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 09:19:05 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.06.13 09:18:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.13 09:18:35 | 3262,828,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 09:18:10 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe
[2013.06.12 20:18:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2902786437-1967056483-2516386748-1001UA.job
[2013.06.12 20:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.12 18:23:27 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.12 18:23:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.10 17:57:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.05.23 11:04:06 | 000,449,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 14:14:29 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.16 10:14:46 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.16 10:14:45 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.16 10:14:44 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.16 10:14:44 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
========== Files Created - No Company Name ==========
[2013.06.12 18:23:27 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.11 16:16:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.23 11:03:54 | 000,449,688 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 14:23:42 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.01.17 18:00:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.06 07:33:46 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2012.09.06 07:24:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.09.06 07:24:27 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.06 07:24:26 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.09.06 07:23:36 | 000,001,327 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.09.06 07:23:36 | 000,000,223 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012.09.05 22:13:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.08.07 03:57:19 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012.08.07 03:57:19 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2013.03.20 16:32:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
und der 2.: Code:
OTL Extras logfile created on: 13.06.2013 09:29:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 60,44% Memory free
4,86 Gb Paging File | 3,31 Gb Available in Paging File | 68,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,28 Gb Total Space | 326,46 Gb Free Space | 72,34% Space Free | Partition Type: NTFS
Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MALTE | User Name: malte brz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2902786437-1967056483-2516386748-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB446E-56FB-47F8-AD64-BB68BD19BBAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{112688F8-266A-41CF-9029-3206BBA88B28}" = lport=445 | protocol=6 | dir=in | app=system |
"{14FA7462-8B10-4AEB-9339-29049E337E0C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{160F0965-B73B-40CE-9648-64F944402158}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2364BA54-3A04-42EB-A240-537F6CB9FB69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2520A42E-883B-42D7-8D9E-513AB6155DEB}" = rport=137 | protocol=17 | dir=out | app=system |
"{276ABE02-EE13-49AE-A19C-543C94FB2C80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BCDA151-D0F4-4074-BD6D-47664B3D9B39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3EDFCC97-65B3-40BA-95C2-4259C5B8D857}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{41BF809A-D6F5-4305-B477-C39365E57381}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5036C5A7-6D59-4E09-B7B8-CE5A0E431966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53B7EAEC-330A-4D99-9AF8-78736BCBBADA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{591E48EC-1427-45B1-8B8A-C4FE5DD91952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6193618D-2C7F-4781-BC8E-1B1167D68424}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{65BBF4B2-8845-4276-8746-10041AFA3A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67A13397-FF22-4839-85AC-DB9EEDC5BAB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{688BD4CF-939C-4104-B814-A45A68F28158}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7B01F653-A8A2-4197-93F8-8654FBF7FF6D}" = lport=138 | protocol=17 | dir=in | app=system |
"{82401F79-B2A3-4029-BB79-F692C1143D27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E3599CE-3CF2-4502-989B-3990772474C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACBAD150-38E9-46A1-BE15-9F32E5CFD9FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B618A313-D12A-4B0B-ACB0-B6CE6F316326}" = lport=139 | protocol=6 | dir=in | app=system |
"{B65BF351-30DB-4307-AEF0-B90173332669}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B71C26F4-3837-43EF-9DA8-01822C5C5E7D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C811A8AC-B44C-4E04-8311-AD07476866A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{CA33EA60-FE14-42DF-A7F1-A7EC1835D494}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFF22A68-0D70-4AAB-B5EE-DC362F51F4D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{D538C273-B4E0-49C7-A5B5-34017F7E4EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1F194E8-38C1-42D5-9F5E-D7AD8EE38E57}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5CEE736-3EAF-4A38-978D-F988CDCB8E26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E79EF012-EE27-4310-946C-44E99100FD15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8B31D01-25EF-42CB-8D48-B2E7F34BA252}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9579924-6EB0-4B34-94C6-3B8602BBFC35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB8B6622-7105-40ED-9527-DCE7235E8B13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE33CCEA-06FF-429F-A90B-080D22C16E57}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CFEC0A-BCBC-446D-8AF5-59567ED7F21C}" = dir=in | name=shuffle party |
"{03459F46-A7C6-42F3-8CC5-89D5B716E512}" = dir=out | name=acer crystal eye |
"{0AC30674-5BB1-4BF0-843B-9506B24BC0C2}" = dir=out | name=ebay |
"{0AC3DCE9-B8BE-44AE-9D49-690CCC1080EF}" = dir=out | name=@{45242croysapps.archeryshooting_3.9.1.15_neutral__6bm9tbz9trsva?ms-resource://45242croysapps.archeryshooting/resources/gamename} |
"{0B13E16E-22B4-4678-9497-98FE6D7E62E0}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{18B9DBAA-ECFE-4216-8DA1-20BB78241E60}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1BACBF8A-7388-4C2F-A186-FA9CC01F0703}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{1BB0C9AD-8E06-4987-ABFE-B6699193E02D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{1C0DEA0A-997C-4F2F-8FF5-DB7567F67FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{22B582EF-DBF8-47CA-96C9-9C8002DDD485}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{235D1FD4-BE74-4B0E-98E5-2622E3EB1A6F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{2806CD28-1278-4F6A-BFE1-36BF39ED7516}" = dir=out | name=bild tablet |
"{28499078-552F-4516-93CD-855EA4A98C6A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{298C9775-8C77-4964-AB7A-F334BB299E81}" = dir=out | name=shuffle party |
"{2CAEC09E-1A9B-4949-9279-6959FEB6DEE6}" = dir=out | name=tv-programm |
"{2D7CE946-5E6A-4C20-BBAF-4111AF505861}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{2F110AF0-5C9D-40E1-A72E-B6577E44639B}" = dir=out | name=the treasures of montezuma 3 |
"{35F7F8C1-7FA9-4AE4-9B65-E9A8397F1CFC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{36B16D64-DA51-487E-8153-57C2B97DFF3C}" = dir=out | name=post mobil |
"{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 |
"{3F6955EE-BEC2-449C-9E2D-4CD05FC364B7}" = dir=out | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |
"{40198709-3F7D-41B0-9032-854FA1C539DE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{41503457-72CC-43C9-BFCF-ED016759F1DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{44AC93BF-45DF-4F83-888E-64D0F5D1CE72}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{49A60F7C-59D3-4534-9EA6-86547054C3FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C4B58D5-463A-4D5C-8C8F-DE97018A89D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F5A4B66-5AFD-4CEC-8386-E8666C5F6058}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{504BAA0F-77EC-406A-B2B8-D78419411258}" = dir=out | name=microsoft solitaire collection |
"{5117B8BC-BE99-4154-BC71-E421A99A1D36}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe |
"{539F107A-71A8-40C3-92CE-02748F319B30}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{619CA108-1DD0-495E-82C5-4E2C82E8BF31}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{63DA3455-7679-48CA-81DD-3C833FFEEF29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69A21F84-4694-42FE-AD15-114CDA5F9BC8}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6B20DB39-DF7D-4EA7-B1F5-3B1148C92D91}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{708BF4B0-317E-4D6F-93D8-253F02568AD7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{726E24A1-EF3F-4184-8DBD-04A13233CB87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73AA14E1-14D9-4DCD-9E95-062C011110AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76FB1EEB-D8DF-4ED0-B5B0-4DBCBDEF8FF5}" = protocol=6 | dir=out | app=system |
"{7964CF4B-F5E8-4490-A250-C884B309FC46}" = dir=in | name=ebay |
"{7A69356A-1722-46FB-91E0-1E4BB16A20AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{807A2574-AF1A-40A2-9E6E-73EA04756BBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{84DF2214-29FB-4AEA-A097-41BDE25B6D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86905359-088D-42A9-B610-D5CA8D80D148}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{87602140-078C-4211-BDB7-1FDE1B3C2C1A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{87AE5A3D-B219-4930-BCEC-938F85659512}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{884B3506-3E2F-44CD-8F7C-AA9859685360}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8CEBB7F0-3CD3-47C0-BAE3-65D56810849D}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{900EC83B-768A-4E63-8AD1-518A67253124}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{918047C2-EA27-42C5-B4DA-CBF1250EFE64}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{922FA47F-252A-497F-93D2-E2E9E165DC05}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{94B5967E-9834-47C7-9E0A-5B1F1FCE6551}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9622AF03-BB91-460A-B17B-0BC96F1BC5F2}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |
"{96473C4E-BE8C-4F30-B117-FD66B2A7E0AC}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |
"{98D2B843-BF9A-4258-8AED-FBE5A1124C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C416A28-D205-4FB6-B917-435863334E34}" = dir=out | name=men´s health |
"{9DED3FC4-DE08-457F-823E-C8B503161EAC}" = dir=out | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{A4212012-C62C-46B6-A968-1A0C5B75DE89}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A74EE93A-6597-4E0C-9411-5EF562614025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB382A7B-20E0-4559-9BF5-7556F149A6A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3EDCA72-0181-421F-A716-69D7751E646C}" = dir=out | name=cut the rope |
"{B5CA6B96-DB86-43E7-A961-E2EFD77A713B}" = dir=in | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B9347A7B-194D-402D-ABE1-4B3BB3F518D1}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{BA50B35D-826F-49E8-94CB-D819176E8EBE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC6ABCAF-0940-4B82-9816-A177DE49AF7F}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{BF93B74A-7AD5-4697-8470-86FE101AD32A}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{C103E70F-7527-4E91-A4C1-D3751E6A203A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1A2DFFF-1896-43EF-9F3C-BFE6286B6D05}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{C2BC5FE1-2E37-4E44-A481-302473865C28}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2EB6DE9-2974-403A-889C-880DD64D9A46}" = protocol=17 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe |
"{C504FE57-A2CA-403B-AC7D-CC42F54FFD28}" = protocol=6 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe |
"{CA117769-935F-415F-BF19-CD9B87717A69}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"{CB84D801-02D4-472F-ADD6-B9330BF67D85}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{CEBE45B5-F8E3-4CC2-9D7A-55A36748D912}" = dir=out | name=amazon |
"{D0131D37-A8D9-4A34-ABCD-5165D08300E2}" = dir=out | name=youtube player |
"{D024F0E3-34CC-4103-AE9F-83F0A7D9D18B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D59D0F5C-4847-4340-9B6E-D9F17085529B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D723CDB0-4852-456E-8FD9-5910F422540B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D8A1758E-784F-4225-BF4E-55E02E9F28B8}" = dir=in | app=c:\users\malte brz\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DC3E0DC3-5D7A-4FFB-A18B-558065A7F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DEC762C5-4B9D-42B1-BAD5-28D99F191B78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E40E8887-F81F-4846-81E3-2AC2FAF3F0F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E439E921-8CAD-4793-8E14-D370603F3AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{E55C0AE6-6EC0-432D-8023-08F6A3C4D648}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |
"{E74D1109-70E6-46AB-A632-4BA90767998B}" = dir=in | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7B6EBCC-DC09-48C3-9352-58D805345765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EB424450-C736-4DA0-8C66-8095D351ADC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBC5490A-64FA-4500-818E-A973FFA88FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{ED8CC248-019E-42D8-A6A1-C4B7E4C85727}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF2B2EB0-278F-4B75-A542-2C89BA97E118}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{F197EC63-09AE-4E66-AAE3-814092CE055A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{F3EA9B08-CEF0-47C7-AE36-A79DDBB157AF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{F4DE4715-6790-47D0-BEC6-298AEBF812D8}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FB627121-D4BD-4261-9780-ED0A8245328C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FD4203DB-E4FB-4E78-9E44-5B3776B7732A}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"TCP Query User{11F1A83D-E771-4312-ADED-3173CDB66D62}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"TCP Query User{1FF459A9-A79B-4857-8B97-FB8A4E432A7B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{BA31D625-7FF6-46C6-9F63-BDA626B1223D}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"UDP Query User{39954282-A805-46CA-A689-CACBCC66C462}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"UDP Query User{99ECD298-6808-4762-B16D-E951FD4E3CE1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{B816FDCF-D023-4C62-A1BF-E32249AB6493}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B492663B-604B-4C9D-84A4-B17279167D4C}" = Acer Instant Update Service
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"Elantech" = ETDWare PS/2-X64 11.6.4.001_WHQL
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12141d67-56cc-4aca-ade4-bc44b4adaff8}" = Jackpot Capital German
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"32red" = 32Red Casino
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FreeHideIP" = Free Hide IP
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"jackpotcity" = Jackpot City
"LManager" = Launch Manager
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NARA" = Norton Online Backup ARA
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"TmNationsForever_is1" = TmNationsForever
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WTA-09d2c448-d843-4a2f-aff0-2599ecf16da6" = Magic Academy
"WTA-0c9c90bd-8b9a-48ed-8796-dfa759fc70bc" = Delicious: Emily's True Love Premium Edition
"WTA-1cd52b52-b118-4842-a30a-c781e1b59467" = Agatha Christie - Death on the Nile
"WTA-346be69b-2a6c-44dd-81d6-20659fa1dd6c" = Bejeweled 3
"WTA-600c80ab-4c1d-42c5-bf1c-c9b61a73cbaa" = Jewel Match 3
"WTA-79a8095c-b9f6-44ff-84cb-7af007dbe03b" = Aloha TriPeaks
"WTA-82ad3123-157c-47a6-970c-77bf510025fa" = John Deere Drive Green
"WTA-8dce07a8-de6d-44d9-b33b-f55a37c48c64" = Polar Bowler
"WTA-9f45d707-3efd-47a1-af0a-36a384c656f3" = Governor of Poker 2 Premium Edition
"WTA-b8618fc5-1651-476c-ac3b-c8d5761e317b" = Final Drive: Nitro
"WTA-bb20c4d2-26cf-4d72-89ac-9a7f4e7ee408" = Plants vs. Zombies - Game of the Year
"WTA-c4396a31-4ce7-4f3a-98d8-d36dd1bfae4e" = Penguins!
"WTA-d7312d19-d22b-4e24-931c-a218fa99c4b2" = Tales of Lagoona
"WTA-e7cca8c6-98dd-4d97-957c-bb84630ad520" = Zuma's Revenge
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2902786437-1967056483-2516386748-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EuroGrand Casino" = EuroGrand Casino
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.06.2013 15:22:23 | Computer Name = malte | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde
nicht innerhalb der vorgesehenen Zeit gestartet.
Error - 11.06.2013 15:22:32 | Computer Name = malte | Source = Application Hang | ID = 1002
Description = Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2608 Startzeit: 01ce66d8f6afdc30 Endzeit: 4294967295 Anwendungspfad:
C:\Windows\system32\wwahost.exe Berichts-ID: 3de276e8-d2cc-11e2-bee9-206a8a8e0cb7
Vollständiger
Name des fehlerhaften Pakets: Microsoft.ZuneMusic_1.2.150.0_x64__8wekyb3d8bbwe Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: Microsoft.ZuneMusic
Error - 11.06.2013 15:22:33 | Computer Name = malte | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“
ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error - 11.06.2013 15:26:02 | Computer Name = malte | Source = Application Hang | ID = 1002
Description = Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: edc Startzeit: 01ce66bc99907446 Endzeit: 4294967295 Anwendungspfad:
C:\Windows\system32\wwahost.exe Berichts-ID: 1c3a53ce-d2cc-11e2-bee9-206a8a8e0cb7
Vollständiger
Name des fehlerhaften Pakets: automotorundsport.MensHealth_1.0.0.12_neutral__dpe7n2n8zcz9j
Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: App
Error - 11.06.2013 15:27:22 | Computer Name = malte | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Das Paket „Microsoft.ZuneMusic_1.2.150.0_x64__8wekyb3d8bbwe“ wurde
beendet, da das Anhalten zu lange dauerte.
Error - 11.06.2013 15:35:27 | Computer Name = malte | Source = Application Hang | ID = 1002
Description = Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2a38 Startzeit: 01ce66d93fa61b8c Endzeit: 4294967295 Anwendungspfad:
C:\Windows\system32\wwahost.exe Berichts-ID: f179ebb1-d2cc-11e2-bee9-206a8a8e0cb7
Vollständiger
Name des fehlerhaften Pakets: Microsoft.ZuneMusic_1.2.150.0_x64__8wekyb3d8bbwe Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: Microsoft.ZuneMusic
Error - 11.06.2013 16:45:04 | Computer Name = malte | Source = .NET Runtime | ID = 1026
Description =
Error - 11.06.2013 16:45:08 | Computer Name = malte | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: eBay.CoreApp.exe, Version: 1.2.1.65,
Zeitstempel: 0x51312f2b Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version:
6.2.9200.16578, Zeitstempel: 0x515fa35a Ausnahmecode: 0xc0000005 Fehleroffset: 0x007ef533
ID
des fehlerhaften Prozesses: 0x3244 Startzeit der fehlerhaften Anwendung: 0x01ce66e293dc55ee
Pfad
der fehlerhaften Anwendung: C:\Program Files\WindowsApps\eBayInc.eBay_1.2.1.65_neutral__1618n3s9xq8tw\eBay.CoreApp.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\Windows.UI.Xaml.dll Berichtskennung:
ccfb8a10-d2d7-11e2-bee9-206a8a8e0cb7 Vollständiger Name des fehlerhaften Pakets:
eBayInc.eBay_1.2.1.65_neutral__1618n3s9xq8tw Anwendungs-ID, die relativ zum fehlerhaften
Paket ist: App
Error - 11.06.2013 16:50:42 | Computer Name = malte | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „eBayInc.eBay_1618n3s9xq8tw!App“ wurde nicht innerhalb der
vorgesehenen Zeit gestartet.
Error - 11.06.2013 16:51:15 | Computer Name = malte | Source = Application Hang | ID = 1002
Description = Programm eBay.CoreApp.exe, Version 1.2.1.65 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 344c Startzeit: 01ce66e54d66a910 Endzeit: 4294967295 Anwendungspfad:
C:\Program Files\WindowsApps\eBayInc.eBay_1.2.1.65_neutral__1618n3s9xq8tw\eBay.CoreApp.exe
Berichts-ID:
9516f554-d2d8-11e2-bee9-206a8a8e0cb7 Vollständiger Name des fehlerhaften Pakets:
eBayInc.eBay_1.2.1.65_neutral__1618n3s9xq8tw Anwendungs-ID, die relativ zum fehlerhaften
Paket ist: App
[ System Events ]
Error - 31.05.2013 10:45:34 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 04.06.2013 12:46:53 | Computer Name = malte | Source = DCOM | ID = 10010
Description =
Error - 04.06.2013 13:51:47 | Computer Name = malte | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware
- SAMSUNG Mobile MTP Device
Error - 04.06.2013 16:03:13 | Computer Name = malte | Source = DCOM | ID = 10010
Description =
Error - 06.06.2013 12:46:29 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 06.06.2013 13:03:47 | Computer Name = malte | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 06.06.2013 13:03:47 | Computer Name = malte | Source = bowser | ID = 8003
Description =
Error - 08.06.2013 11:41:41 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 08.06.2013 11:42:09 | Computer Name = malte | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?06.?2013 um 19:16:36 unerwartet heruntergefahren.
Error - 10.06.2013 03:10:47 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
< End of report >
|
Lesestoff:
GMER herunter: (Dateiname zufällig) 
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.