| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.07.2012, 21:19
| #1 |
 |  Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 Hallo miteinander, Avira Free Antivirus hat beim Systemstart heute morgen in einer DLL-Datei C:\Users\****\AppData\Roaming\cnemc.dll den Trojaner TR\Crypt.EPACK.Gen8 ausfindig gemacht, den Zugriff gesperrt und das Objekt in Quarantäne verschoben. Eine voller Systemscan hat dann im Verzeichnis C:\Users\****\AppData\Local\Temp folgende Funde ans Tageslicht befördert: meacrwxons.exe - TR\Vcaredrix.A.3 aemwrosxnc.exe - TR\Crypt.ZPACK.Gen8 und hat diese ebenfalls unter Quarantäne gestellt. Ich bin mir nicht sicher, ob es sich um Falschmeldungen oder Befall handelt, Symptome, wie sie im Netz beschrieben sind, kann ich keine feststellen. Hier nun die Logfiles von OTL OTL.txt: Code:
ATTFilter OTL logfile created on: 29.07.2012 21:52:46 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\****\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 44,71% Memory free 7,60 Gb Paging File | 5,35 Gb Available in Paging File | 70,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,95 Gb Total Space | 143,53 Gb Free Space | 48,17% Space Free | Partition Type: NTFS Drive D: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 2,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: WOTAN | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.29 21:51:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2012.07.29 21:50:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe PRC - [2012.07.23 13:06:21 | 011,078,520 | ---- | M] (TeamDrive Systems GmbH) -- C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe PRC - [2012.06.29 15:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe PRC - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.09 15:51:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 15:51:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 15:51:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.12.16 20:53:04 | 000,052,392 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe PRC - [2011.12.16 20:52:42 | 000,058,536 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe PRC - [2011.12.16 20:52:07 | 000,053,928 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe PRC - [2011.10.11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2009.07.22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe PRC - [2009.05.12 18:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe PRC - [2009.05.12 18:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe ========== Modules (No Company Name) ========== MOD - [2012.07.29 21:50:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe MOD - [2011.12.16 20:53:04 | 000,052,392 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe MOD - [2011.12.16 20:52:42 | 000,058,536 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe MOD - [2011.12.16 20:52:07 | 000,053,928 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.13 18:30:08 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32_crypto.pyd MOD - [2011.08.02 19:01:16 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtNetwork.pyd MOD - [2011.08.02 18:59:34 | 005,688,832 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtGui.pyd MOD - [2011.08.02 18:48:42 | 001,608,704 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtCore.pyd MOD - [2011.08.02 18:41:40 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\sip.pyd MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.05.15 20:20:24 | 007,950,848 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtGui4.dll MOD - [2011.05.15 20:12:06 | 000,948,736 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtNetwork4.dll MOD - [2011.05.15 20:11:08 | 002,248,192 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\QtCore4.dll MOD - [2011.04.13 11:03:25 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\simplejson._speedups.pyd MOD - [2010.12.20 22:19:35 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd MOD - [2010.11.30 03:26:56 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\twisted.python._initgroups.pyd MOD - [2010.11.30 03:26:54 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\twisted.protocols._c_urlarg.pyd MOD - [2010.11.27 23:31:18 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pyexpat.pyd MOD - [2010.11.27 23:31:16 | 000,721,920 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ssl.pyd MOD - [2010.11.27 23:31:16 | 000,285,184 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_hashlib.pyd MOD - [2010.11.27 23:31:16 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_elementtree.pyd MOD - [2010.11.27 23:31:16 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ctypes.pyd MOD - [2010.11.27 23:31:16 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\select.pyd MOD - [2010.11.27 23:31:14 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_socket.pyd MOD - [2010.11.01 19:54:08 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.SSL.pyd MOD - [2010.11.01 19:54:06 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.crypto.pyd MOD - [2010.11.01 19:54:06 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.rand.pyd MOD - [2009.07.22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe MOD - [2009.07.06 12:16:10 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32file.pyd MOD - [2009.07.05 14:51:28 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32com.shell.shell.pyd MOD - [2009.07.05 14:49:50 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pythoncom27.dll MOD - [2009.07.05 14:49:00 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32api.pyd MOD - [2009.07.05 14:48:54 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32trace.pyd MOD - [2009.07.05 14:48:52 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32security.pyd MOD - [2009.07.05 14:48:48 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32process.pyd MOD - [2009.07.05 14:48:38 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32event.pyd MOD - [2009.07.05 14:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32cred.pyd MOD - [2009.07.05 14:48:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pywintypes27.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.12.02 04:11:17 | 000,116,224 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-x64-9.1) SRV:64bit: - [2011.11.13 22:17:28 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.27 17:47:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.29 15:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.4) SRV - [2012.05.09 15:51:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 15:51:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.02.27 15:13:10 | 002,557,176 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Programme\WebDrive\wdService.exe -- (WebDriveService) SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.29 23:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService) SRV - [2009.10.20 11:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.12 18:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.05.20 18:39:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.05.09 15:51:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 15:51:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.11.13 22:17:28 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.11.13 22:17:28 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.06.22 04:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.11.27 14:38:22 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler) DRV:64bit: - [2009.11.27 14:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt) DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.10.02 22:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.08.28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2012.02.27 15:13:04 | 000,089,336 | ---- | M] () [File_System | Auto | Running] -- C:\Programme\WebDrive\wdfsd.sys -- (WebDriveFSD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 02 74 B4 01 6C CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.11.13 23:18:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.16 21:34:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 08:17:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 08:17:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.21 11:38:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011.11.13 23:18:16 | 000,000,000 | ---D | M] [2011.11.14 22:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.05.18 07:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\apnt54ca.default\extensions [2012.05.14 08:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.14 08:34:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.07.16 21:34:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.11.16 23:57:27 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2012.05.18 07:22:47 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.04.26 22:40:27 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APNT54CA.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2012.03.20 13:05:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [1999.12.31 16:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.03.20 13:05:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.20 13:05:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.20 13:05:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.20 13:05:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.20 13:05:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.20 13:05:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.24 12:01:43 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 timstein.de O1 - Hosts: 127.0.0.1 www.timstein.de O2:64bit: - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.) O4 - HKCU..\Run: [cnemc] rundll32.exe "C:\Users\****\AppData\Roaming\cnemc.dll",FIsHTMLFileW File not found O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC) O4 - HKCU..\Run: [Ubuntu One] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe () O4 - HKCU..\Run: [Ubuntu One Icon] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe () O4 - HKCU..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk = C:\Program Files (x86)\TeamDrive 3\TeamDrive3.exe (TeamDrive Systems GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9021DC6B-73B4-4F8A-9769-FE2331350805}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.03 18:24:20 | 000,043,344 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2010.02.03 12:05:02 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell - "" = AutoRun O33 - MountPoints2\{c8127738-9b76-11e1-9695-d17409a2f8a4}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010.04.03 18:24:20 | 000,043,344 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 21:51:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.07.24 14:04:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Macromedia [2012.07.24 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2012.07.24 11:07:08 | 000,000,000 | ---D | C] -- C:\xampp [2012.07.24 10:57:24 | 000,000,000 | ---D | C] -- C:\SERVER [2012.07.24 10:04:26 | 000,000,000 | --SD | C] -- C:\Users\****\Documents\Spaces [2012.07.23 14:38:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TeamDrive3 [2012.07.23 14:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive 3 [2012.07.23 14:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamDrive 3 [2012.07.23 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft Games [2012.07.23 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2012.07.16 21:44:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\DDMSettings [2012.07.15 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Skype [2012.07.15 21:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.15 21:19:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.15 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.15 21:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.06 13:04:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2012.07.06 13:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.07.06 12:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP ========== Files - Modified Within 30 Days ========== [2012.07.29 21:51:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.07.29 21:50:53 | 000,000,168 | ---- | M] () -- C:\Users\****\defogger_reenable [2012.07.29 21:50:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe [2012.07.29 21:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.29 18:05:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 18:05:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 18:01:20 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.29 18:01:20 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.29 18:01:20 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.29 18:01:20 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.29 18:01:20 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.29 17:55:36 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job [2012.07.29 17:54:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 17:54:23 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys [2012.07.27 17:55:29 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND [2012.07.27 15:40:59 | 000,007,253 | ---- | M] () -- C:\Users\****\.recently-used.xbel [2012.07.24 12:01:43 | 000,000,872 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.23 14:37:45 | 000,001,086 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk [2012.07.22 13:26:48 | 000,243,367 | ---- | M] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047g+.jpg [2012.07.22 13:24:25 | 007,750,918 | ---- | M] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047.jpg [2012.07.12 09:19:42 | 000,325,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.29 21:50:53 | 000,000,168 | ---- | C] () -- C:\Users\****\defogger_reenable [2012.07.29 21:50:09 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe [2012.07.27 15:40:59 | 000,007,253 | ---- | C] () -- C:\Users\****\.recently-used.xbel [2012.07.23 14:37:45 | 000,001,086 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk [2012.07.22 13:26:47 | 000,243,367 | ---- | C] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047g+.jpg [2012.07.22 13:24:22 | 007,750,918 | ---- | C] () -- C:\Users\****\Desktop\Panorama_SeeRhein_(Konstanz)_2047.jpg [2012.07.12 22:07:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.06 12:55:41 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.06.20 10:22:40 | 000,000,000 | ---- | C] () -- C:\Users\****\raum.tiff [2012.05.21 11:28:32 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.15 09:14:17 | 000,000,386 | ---- | C] () -- C:\Users\****\.JavaPowUpload.properties [2012.03.28 13:13:46 | 000,001,003 | ---- | C] () -- C:\Users\****\.scala_history [2012.02.25 16:52:50 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.02.25 16:52:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.02.12 23:39:36 | 000,000,104 | ---- | C] () -- C:\Users\****\.asadminpass [2011.11.29 00:17:31 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND [2011.11.13 22:47:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.11.13 22:47:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.11.13 22:47:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.11.13 22:47:19 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.11.13 22:47:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin ========== LOP Check ========== [2012.05.07 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCOMP Software [2012.07.06 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2012.03.10 15:10:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2011.11.13 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DigitalPersona [2012.07.29 21:55:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox [2012.03.07 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\e-academy Inc [2012.03.23 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla [2012.07.22 13:26:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0 [2011.11.21 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice [2012.07.26 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia [2011.11.17 00:16:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++ [2011.11.13 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2012.02.24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\postgresql [2011.11.15 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Revolver Preferences [2012.04.05 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion [2012.07.29 17:57:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamDrive3 [2012.03.13 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2011.11.14 22:37:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2011.12.07 19:19:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trillian [2012.02.12 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\updatetool [2012.04.29 20:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\xm1 [2012.07.29 17:55:36 | 000,000,560 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job [2009.07.14 07:08:49 | 000,029,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.07.2012 21:52:46 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\****\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 44,71% Memory free
7,60 Gb Paging File | 5,35 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,95 Gb Total Space | 143,53 Gb Free Space | 48,17% Space Free | Partition Type: NTFS
Drive D: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 2,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: WOTAN | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ED1C66C-0D9D-4FB4-B522-CC741F9A8530}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AE3EC49A-F1E5-40B8-A5B4-80179AD38B05}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059262B9-8E0B-41A0-B465-C8C497333211}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0A809180-2582-403E-9CAC-2BD51B47BD57}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |
"{109E5748-1B2A-41D3-93CC-0A3CD8F9A15B}" = protocol=17 | dir=in | app=c:\program files\webdrive\webdrive.exe |
"{135961FC-3878-42BB-92AB-334BD00CD0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"{13FF5BCA-30E9-4147-B6F6-1B1720A42066}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{156450FB-98CE-4E0B-B8C4-B363471C98B7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{159C5108-9550-4E31-ABD8-8C33E9954946}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C2C062F-E582-41D9-A7B1-24FE1F9E73D9}" = dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{1DA2436F-21D6-450C-9108-B302F023A22F}" = protocol=17 | dir=in | app=c:\program files\webdrive\wdservice.exe |
"{21C337E9-070E-4D4F-9121-A84C96C79631}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2CB8AED5-2E13-49F4-AEF7-8F5E270878AC}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{39970A6E-2502-4817-B828-56543794D061}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{3DBB311E-9766-48FA-82D3-FC392FD52B38}" = protocol=6 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntu-sso-login.exe |
"{3FD551C3-CA76-41B6-835E-1E0E176CCFCA}" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"{45F4E8C9-BDC4-4155-A642-743BDC1C8D2E}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{4C9BDB0B-8F79-4A3B-9511-0C63576D8831}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{50306D93-F32E-4925-B52D-9C9C2FD56C38}" = protocol=6 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe |
"{5076E8EE-44C3-4A12-BE38-2D37AD0975AC}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{54F605A4-B0C8-4D4C-B9B0-3FDB7080B375}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe |
"{55751293-7DB8-4E19-8016-DEA0561997E7}" = protocol=6 | dir=in | app=c:\program files\webdrive\wdservice.exe |
"{5B5A7D17-E1DB-4A2F-9CDB-62871F8BEC85}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{61BF9F19-AFD3-406E-88B0-0337CDC22FEA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntu-sso-login.exe |
"{6D9E1945-2F1A-4B28-BC66-20A60773AFD1}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{73075364-C80D-4445-A063-19D0EDDA2801}" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"{7C3CA4C6-8FA8-4F09-9694-08E77399C560}" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
"{865B76AF-1313-432B-96B7-140B13599EAC}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{8969F3AD-3F5F-4B36-8A20-91F98B044040}" = protocol=17 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe |
"{93E360E1-4D83-409C-ADBE-C65F2BBFBD5C}" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
"{97C2B30B-D98C-444B-B080-5894771893D4}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{A1077D28-28E7-4238-B8A9-E4E603CA2783}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A4AC4BB8-79D0-4900-A818-457963E33B04}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\vlc setup helper.exe |
"{A9D9938A-D027-4C4B-98AD-97FE7113A4ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AAC1EFF1-DB2B-4552-A87D-CE5950F5115E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B758D238-C2F9-4BDF-BC4B-85182D8EA7E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B905FDC5-75F8-4254-AB8B-AAA19335F405}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{BCFD538C-C232-41AE-AFB6-049A67C51F48}" = protocol=6 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"{D4BBEB8F-9015-41A0-AB32-92FD3BA4B6A3}" = protocol=6 | dir=in | app=c:\program files\webdrive\webdrive.exe |
"{D51A68FA-9DCE-4224-ACDF-04BE425F03F5}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{E610A91B-2CBB-4596-9008-AD92594A2A71}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe |
"{EB8A432A-3970-47D0-A49F-CA66C6BAD087}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{EBADE8AA-55BE-40F2-8E16-DFE006506A8B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{EBEE3B0B-78B8-46AC-BE86-7DA5489E9D43}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F3BACC1A-DF89-4B2E-B20F-7BA8CE1A03F3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{FA7055C9-B200-449C-BDC5-93F21EE6C721}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{FDBCB88D-C832-46CE-B120-7C82C42FD2F4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1F1B825A-5BE5-4A09-AF85-A2A230216077}C:\users\****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{48356998-C60A-4B8E-9A8A-BB8CFD85795B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{6E298A7F-C8A4-4197-9374-F8DDB1570D7D}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{6FEBF13F-EB2A-4E80-A505-3440E68422C8}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{8F0836E9-0035-4037-86A2-67FFE447FF11}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9AB1D9CF-AA90-4525-AA3F-D2678F902447}C:\program files\glassfish3\jdk7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe |
"TCP Query User{AB72FDEF-00E0-4720-842E-5D5F229AF195}C:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"TCP Query User{BDBA4CE1-CE8C-4603-ACFE-9C318D5E4AAC}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
"TCP Query User{C025494F-9B81-4ECC-B111-0E9732000042}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D78F6321-6F66-410B-95E0-849CCC9F8EA1}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"TCP Query User{E1B89A04-0B19-4C92-8C3A-667836D7B7E6}C:\program files (x86)\revolver office\revolver office.exe" = protocol=6 | dir=in | app=c:\program files (x86)\revolver office\revolver office.exe |
"TCP Query User{EF50EB4B-676B-4506-881C-17AD8B67387B}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{FBCBF4C0-E4B5-4BE9-96ED-EDAF42365AF3}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{17E2C28C-6306-4475-B123-52F32832971F}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{1A4C567F-11EA-4757-9EC9-ADD294C20162}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
"UDP Query User{34A3D9A8-76AB-4A3F-8D28-8D56A499230B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{659C1499-A527-4DBF-B11D-516DC321FE31}C:\program files (x86)\revolver office\revolver office.exe" = protocol=17 | dir=in | app=c:\program files (x86)\revolver office\revolver office.exe |
"UDP Query User{6EE11CE3-1093-49F5-84C4-2604AECD8D17}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"UDP Query User{8CE25D05-80CB-4CC3-B04D-61D861D96103}C:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"UDP Query User{9468F6E8-C96A-41D3-8CB5-F67E69EEE622}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{A4EB03A0-265A-49B2-A25F-CBC381029D61}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{AFE7E5DD-CA26-4083-9080-F814B06D9FA0}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{D2E42964-3ED3-48AC-A35C-161CEC17657B}C:\users\****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D858BDD8-BD6E-48BF-9111-F3EBC60DB204}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{E73265AC-98CA-4CD9-86E8-FC330E67DD1D}C:\program files\glassfish3\jdk7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe |
"UDP Query User{F883F82E-C70D-4842-B031-127DD9947327}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4371D69B-FB6A-4A61-8477-C1B919FB2311}" = TortoiseSVN 1.7.7.22907 (64 bit)
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{9CFA7A85-AEB6-487B-9C8E-C3C9432AA8F7}" = TortoiseOverlays
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{ECAD1063-CF2B-45F3-8355-A8B970007A80}" = Intel® SDK for OpenCL* Applications 2012
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC09380E-74BE-41F5-8353-E97113969040}" = DigitalPersona Personal 4.01
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16
"26DF6674D7C1C08AE6A9F0AB0F04558F369FF15F" = Windows Driver Package - Broadcom Bluetooth (12/01/2009 6.2.0.9411)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"PostgreSQL 9.1" = PostgreSQL 9.1
"TortoiseCVS_is1" = TortoiseCVS 1.12.5
"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2460EA85-D9D1-4D44-915E-6019271AFB1D}" = VC9RunTimeX64
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A37B181-B8D0-48C3-B4A4-5DC1ED104CED}" = VC9RunTime
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7606E6DA-E168-42B5-8345-B08BF774CB30}" = The Scala Programming Language
"{76F9F5C5-FF87-4ED8-B63C-2A25A299C4AA}" = CVSNT 2.5.05.3744
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8619B63A-4E7F-44A5-8CA6-2B0A16EC864D}" = Giter8
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9DCF4E9-A41B-40E7-B028-2255E36D2A1C}" = TortoiseOverlays
"{CE07BE71-510D-414A-92D4-DFF47631848A}" = Simple Build Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CMake 2.8.8" = CMake 2.8, a cross-platform, open-source build system
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.3
"Git_is1" = Git version 1.7.10-preview20120409
"IETester" = IETester v0.4.11 (remove only)
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JabRef 2.7.2" = JabRef 2.7.2
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"Notepad++" = Notepad++
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Opera 12.00.1467" = Opera 12.00
"pgJDBC 9.0-801-1" = pgJDBC 9.0-801
"Revolver Office_is1" = Revolver Office 8.4.5
"Secure Eraser_is1" = Secure Eraser v4.0
"TeamDrive 3 3.0.4.151" = TeamDrive 3
"TeamViewer 7" = TeamViewer 7
"Texmaker" = Texmaker
"Trillian" = Trillian
"Ubuntu One 2.0.3" = Ubuntu One
"VLC media player" = VLC media player 2.0.1
"VLC Setup Helper_is1" = VLC Setup Helper
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xampp" = XAMPP 1.8.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{a440ca9f-b112-4900-852e-f90baf37ce20}" = The Typesafe Stack
"Dropbox" = Dropbox
"Qt SDK" = Qt SDK
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.07.2012 11:56:58 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8159
Error - 27.07.2012 11:56:59 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.07.2012 11:56:59 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9158
Error - 27.07.2012 11:56:59 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9158
Error - 27.07.2012 19:14:50 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.07.2012 19:14:50 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1076
Error - 27.07.2012 19:14:50 | Computer Name = Wotan | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076
Error - 28.07.2012 13:05:50 | Computer Name = Wotan | Source = EventSystem | ID = 4622
Description =
Error - 29.07.2012 06:03:30 | Computer Name = Wotan | Source = PostgreSQL | ID = 0
Description = Zeitüberschreitung beim Warten auf Start des Servers
Error - 29.07.2012 11:56:19 | Computer Name = Wotan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768,
Zeitstempel: 0x4d688122 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000031a3d
ID
des fehlerhaften Prozesses: 0xc48 Startzeit der fehlerhaften Anwendung: 0x01cd6da290615a6c
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ef80086f-d995-11e1-9095-f04da282106d
[ Broadcom Wireless LAN Events ]
Error - 30.05.2012 03:29:17 | Computer Name = Wotan | Source = WLAN-Tray | ID = 0
Description = 09:29:17, Wed, May 30, 12 Error - Unable to gain access to user store
[ System Events ]
Error - 19.07.2012 11:39:07 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?07.?2012 um 17:34:37 unerwartet heruntergefahren.
Error - 19.07.2012 11:45:36 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 24.07.2012 05:38:07 | Computer Name = Wotan | Source = DCOM | ID = 10010
Description =
Error - 26.07.2012 06:19:50 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?07.?2012 um 12:16:32 unerwartet heruntergefahren.
Error - 26.07.2012 06:23:48 | Computer Name = Wotan | Source = DCOM | ID = 10010
Description =
Error - 26.07.2012 09:27:47 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?07.?2012 um 15:19:38 unerwartet heruntergefahren.
Error - 26.07.2012 09:34:23 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 29.07.2012 06:09:51 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 29.07.2012 11:54:31 | Computer Name = Wotan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2012 um 15:38:06 unerwartet heruntergefahren.
Error - 29.07.2012 12:00:48 | Computer Name = Wotan | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
< End of report >
Viele Grüße, Louis |
| Themen zu Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8 |
| 7-zip, adobe, antivirus, application/pdf:, autorun, avg, avira, bho, bonjour, browser, cpu, document, eraser, error, firefox, flash player, format, gesperrt, grand theft auto, helper, helper.exe, install.exe, langs, mp3, nicht sicher, ntdll.dll, plug-in, realtek, registry, rundll, software, tr/crpyt.epack.gen8, tr/crypt.zpack.gen8, tr/vcaredrix.a.3, tracker, trojaner, udp, virtualbox, visual studio, windows, wlan, wrapper |
Baum-Darstellung