
Log analysis and evaluation: 20th BKA clone, Austria edition

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
02.08.2012, 17:52   #1
Akil
 

20th BKA clone, Austria edition



Hello everyone!

Now the "police" have caught on to my evil machinations too and want to let me off with 100 EUR. They're pretty dumb, considering everything I've got on my record!

Joking aside .. I've caught something and would like to spare myself a reinstall, since the original CD can't be found at the moment.
Since various people with the same problem have already been helped here .. maybe there's room for one more? Pleeeease

Interestingly, Malwarebytes Antimalware found nothing, but as soon as I plug in the internet the typical overlay appears and I can only shut down via the three-finger salute (Ctrl+Alt+Del).
When running Antimalware, 2 error messages with cryptic info came up while the program was loading ... but I think that was because the update didn't work. The scan then ran through completely normally.


Here are the OTL logs
(I don't care that there are names in there, since that's only the previous owner)

OTL.txt
Code:
OTL logfile created on: 02.08.2012 16:29:46 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Werner Beyer\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,66% Memory free
5,98 Gb Paging File | 4,98 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296,10 Gb Total Space | 209,80 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
Drive D: | 1,99 Gb Total Space | 1,96 Gb Free Space | 98,71% Space Free | Partition Type: NTFS
Drive F: | 120,73 Mb Total Space | 105,09 Mb Free Space | 87,04% Space Free | Partition Type: FAT
 
Computer Name: WERNERBEYER-PC | User Name: Werner Beyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 19:40:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Werner Beyer\Desktop\OTL.exe
PRC - [2012.07.11 12:50:47 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.11 12:50:46 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012.01.17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.03.03 06:12:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.03.03 06:11:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.11.11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Programme\AirPort\APAgent.exe
PRC - [2009.08.19 14:41:26 | 003,618,104 | ---- | M] (brother) -- C:\Programme\Brownie\BrStsWnd.exe
PRC - [2009.07.26 16:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.11.19 04:19:35 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007.09.14 10:26:44 | 001,695,744 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.31 18:48:07 | 000,278,952 | ---- | M] () -- C:\Users\WERNER~1\AppData\Local\Temp\deo0_sar.exe
MOD - [2012.07.11 12:50:48 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.11 12:50:46 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.06.17 17:09:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.17 17:08:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.17 17:08:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 14:14:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 14:13:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 14:13:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 14:13:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 14:13:04 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.07 13:47:54 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.04.13 16:11:38 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3713.40579__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.04.13 16:11:38 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3713.40390__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:38 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3713.40421__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.04.13 16:11:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3713.40502__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3713.40413__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.04.13 16:11:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3713.40403__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:38 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3713.40550__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.04.13 16:11:38 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3713.40550__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.04.13 16:11:38 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3713.40555__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010.04.13 16:11:38 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3713.40550__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 001,294,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3713.40574__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3713.40458__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,655,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3713.40549__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3713.40531__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.04.13 16:11:37 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3713.40492__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.04.13 16:11:37 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3713.40478__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3713.40422__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3713.40479__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.04.13 16:11:37 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3713.40457__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:37 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3713.40465__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3713.40547__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:37 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3713.40402__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3713.40470__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:37 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3713.40532__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:37 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3713.40477__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3713.40454__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3713.40465__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:37 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3713.40579__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:36 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3713.40423__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:36 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3713.40456__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:36 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3713.40450__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:36 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.04.13 16:11:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3713.40455__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3713.40456__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3713.40428__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3713.40467__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.04.13 16:11:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3713.40375__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.04.13 16:11:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.04.13 16:11:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.04.13 16:11:36 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3713.40376__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.04.13 16:11:36 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3713.40382__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.04.13 16:11:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.04.13 16:11:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3713.40377__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.04.13 16:11:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3713.40529__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.04.13 16:11:36 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3713.40382__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.04.13 16:11:36 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3713.40380__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.04.13 16:11:36 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3713.40540__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.04.13 16:11:36 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3713.40389__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.04.13 16:11:36 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3713.40383__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3713.40571__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.04.13 16:11:35 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3713.40515__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.04.13 16:11:35 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3713.40412__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.04.13 16:11:35 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3713.40379__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3713.40523__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.04.13 16:11:35 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3713.40376__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.04.13 16:11:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3713.40520__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.04.13 16:11:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3713.40501__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3713.40386__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.04.13 16:11:35 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3713.40547__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3713.40444__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3713.40388__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.04.13 16:11:35 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3713.40477__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3713.40417__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3713.40455__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3713.40382__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.04.13 16:11:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3713.40402__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.04.13 16:11:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3713.40540__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.04.13 16:11:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3713.40381__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.04.13 16:11:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3713.40530__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3713.40469__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3713.40379__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.04.13 16:11:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3713.40403__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3713.40522__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.04.13 16:11:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3713.40403__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3713.40417__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3713.40378__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3713.40464__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3713.40380__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.04.13 16:11:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3713.40378__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3713.40388__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3713.40377__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.04.13 16:11:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.04.13 16:11:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3713.40412__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3713.40401__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3713.40411__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.04.13 16:11:35 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3713.40531__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3713.40377__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3713.40387__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.04.13 16:11:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3713.40383__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.04.13 16:11:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3713.40388__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.04.13 16:11:35 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3713.40384__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.04.13 16:11:35 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3713.40381__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.04.13 16:11:34 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3713.40397__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.04.13 16:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3713.40386__90ba9c70f846762e\APM.Server.dll
MOD - [2010.04.13 16:11:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3713.40384__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.04.13 16:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3713.40395__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.04.13 16:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.04.13 16:11:34 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3713.40522__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.04.13 16:11:34 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3713.40395__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.04.13 16:11:34 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3713.40419__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.11.24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007.09.14 10:26:44 | 001,695,744 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.11 12:50:47 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.20 15:18:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.03 06:11:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WERNER~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2011.05.27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.03.03 06:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.03.03 06:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.03.03 05:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.01.28 16:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.11.18 10:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.16 13:53:02 | 000,201,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1295349632&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=3079&id=64855&mkt=de-at&cbcxt=mai&snsc=1
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 8B A4 AD 01 B7 CB 01  [binary data]
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\..\SearchScopes,DefaultScope = {8D1C9923-D613-4A30-B8D8-B2C5CE498D46}
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\..\SearchScopes\{8D1C9923-D613-4A30-B8D8-B2C5CE498D46}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4820FC2A-2639-4288-B7F4-74BF93500ADB}&mid=d1b280f71b4147d693a2318208b219b1-ee0ab04aca1922b104a4361adfe30cb3ca42d9a7&lang=de&ds=AVG&pr=fr&d=2011-12-12 14:15:32&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012.02.03 15:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.11 12:50:54 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Brdefprn] C:\Program Files\Brother\BRHL2170\Brdefprn.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Remote Control Editor] C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000..\Run: [] C:\Users\Werner Beyer\AppData\Local\Temp\vohigzkbcn.exe ()
O4 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B340E25-2430-4CBC-8811-0D0C381438ED}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC188091-8EFF-4A82-B945-02794776F8BC}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 16:26:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Werner Beyer\Desktop\OTL.exe
[2012.07.12 18:03:40 | 000,000,000 | ---D | C] -- C:\babumusik
[2012.07.11 17:42:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 17:41:59 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 17:41:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 17:41:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 17:41:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 17:41:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 17:41:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 17:40:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 12:55:00 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 12:54:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 12:54:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011.08.23 12:09:11 | 019,893,710 | ---- | C] (Österreichischer Kachelofenverband                          ) -- C:\Users\Werner Beyer\kob1602_DE_setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 16:28:19 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.02 16:28:19 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.02 16:28:19 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.02 16:28:19 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.02 16:26:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 16:26:00 | 000,000,995 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.08.02 16:20:01 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 16:20:01 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.02 16:12:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 16:12:11 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 16:09:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 16:07:50 | 102,814,610 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.31 19:40:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Werner Beyer\Desktop\OTL.exe
[2012.07.31 18:48:29 | 000,001,894 | ---- | M] () -- C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.31 18:37:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.12 16:57:37 | 000,252,388 | ---- | M] () -- C:\Users\Werner Beyer\Desktop\Beckefeld.skp
[2012.07.12 12:56:12 | 000,096,532 | ---- | M] () -- C:\Users\Werner Beyer\Desktop\hgfgfxddf.skp
[2012.07.11 18:03:58 | 000,323,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.31 18:48:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 18:48:29 | 000,001,894 | ---- | C] () -- C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.12 16:57:37 | 000,252,388 | ---- | C] () -- C:\Users\Werner Beyer\Desktop\Beckefeld.skp
[2012.07.12 12:56:11 | 000,096,532 | ---- | C] () -- C:\Users\Werner Beyer\Desktop\hgfgfxddf.skp
[2011.07.21 17:41:39 | 000,000,000 | ---- | C] () -- C:\Users\Werner Beyer\AppData\Local\{89159D74-1E89-4EE8-B3A8-8731D54AA00C}
[2011.05.31 17:38:41 | 000,000,000 | ---- | C] () -- C:\Users\Werner Beyer\AppData\Local\{9F542968-B450-4C38-A3E9-5E6E9E7E1BD6}
[2011.05.17 15:36:05 | 000,000,208 | ---- | C] () -- C:\ProgramData\e3455EjLoOkA1368
[2010.12.13 14:26:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
 
========== LOP Check ==========
 
[2011.01.21 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\AVG10
[2010.05.07 12:41:20 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Bump Technologies, Inc
[2011.12.01 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Canneverbe Limited
[2012.07.31 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Canon
[2011.03.19 22:30:01 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\FileMaker
[2011.03.23 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\FileMaker Pro
[2010.12.13 14:31:22 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\FreeCommander
[2011.07.07 12:25:40 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Leadertech
[2010.05.07 13:48:24 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\OpenOffice.org
[2010.05.07 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\TerraTec
[2010.05.07 14:56:46 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Uniblue
[2012.06.22 15:20:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8C35AEA7

< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 02.08.2012 16:29:46 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Werner Beyer\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,66% Memory free
5,98 Gb Paging File | 4,98 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296,10 Gb Total Space | 209,80 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
Drive D: | 1,99 Gb Total Space | 1,96 Gb Free Space | 98,71% Space Free | Partition Type: NTFS
Drive F: | 120,73 Mb Total Space | 105,09 Mb Free Space | 87,04% Space Free | Partition Type: FAT
 
Computer Name: WERNERBEYER-PC | User Name: Werner Beyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A6204B-FB0D-4738-8131-06E25BB73317}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0EF63493-1E73-4BB1-928B-0016CC1991E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0F1F5AFC-E7F7-4322-B9B5-0826E3D9F0FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C34D574-81FA-4BDC-B917-93291BB5EB19}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35D765A6-438B-45D7-9FD2-B5B1FF073E8D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36457F3C-A9A3-41CC-A614-10AA0664F0EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45658E32-2235-4CBA-B67E-42043C1A4EE1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{59C60466-E2A5-4475-BF4B-29C6F742F63F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{615027A1-2B65-4C74-94CB-CDB561A7ED71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{745866D2-CB77-456C-A10C-BE7DF7626CEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8075D2A7-322E-439D-A139-9E69767AA7E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9CA75516-3488-4FD9-8BA2-5E6342ADCB00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9D07A6C5-9639-4E52-A958-2C4BE44DFC19}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A0734C74-2D88-4C3E-9558-A3B2AE14CE78}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AE25FCC0-C055-42D5-B983-B106BC2F6F38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CDC5407F-74A5-43A5-ACE3-D5DB4433DD67}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CF448A81-F81D-4BE9-8BC0-76DBED5E9340}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DF542BFE-100B-4892-B1D0-E6E864F18F6A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E05E8DCD-8637-4014-9E95-E68FE21094B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EA9EC85E-E654-4A03-81C0-A9FEFEA35E22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EAEDB136-2C07-490A-BB5C-C788855A7A34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB9A81D0-30C9-49CA-A1BF-E362E13125E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F2A1A339-062C-4C03-BE95-DCCCD2ED7875}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F9E08B65-3FC8-467A-A077-72AD80B4E473}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F14023-9CA7-4EEA-BDE0-220143B6E673}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0D9D6972-8963-4A12-A142-54C52C647D2D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{0F7B14F2-F4A4-4A9C-BAE4-1224FD464D36}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{15F1C6EE-E196-46F8-A2A9-FE5EFC28CF9C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{1794618C-B419-4EA6-8E97-1A473F8635C7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{2240A501-0A95-43EA-A630-7A2E7DD3945C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{2B177F1D-2CA3-4B7E-9B3A-1F0ADD083846}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{3B45D4C0-E651-4099-A34F-D9E90F682973}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{4B5ACB97-C083-4E43-A969-A92023011141}" = protocol=17 | dir=in | app=c:\users\werner beyer\appdata\local\temp\{2eedb09f-eaee-4a90-a15d-c93cb94a2f93}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{4B797AED-7174-47AA-9964-F55BC9B20D20}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{56E8FF9F-342A-40D8-B2B0-D3074EAB28E0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{57590A36-B486-4727-BE59-85289D311EF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{59107423-3554-4D33-AC45-A7193587FFEC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{5CE53957-AAD0-41E0-A0EB-3B0C5C9C7259}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5F158955-F8D8-42ED-81C7-CE70E8AA5E7D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{6C5EB12D-115B-4BD7-9A65-4C4C33910B2B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{754FEAEC-BD02-43A1-8519-69ECB748A5B2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{7C981E99-7E16-4B21-B29A-5EB74FCE71A0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{87616DC8-3367-41FF-99AC-266F644269D5}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{87DD33D7-8E29-4800-A4F4-A121C9278B17}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8F2135A3-EFA2-47D6-BE42-F0D50E752A57}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A1E3F3CA-D317-439E-9432-96891313533B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A76C3FBF-2623-4E8F-BD76-10974C2537DA}" = protocol=6 | dir=in | app=c:\users\werner beyer\appdata\local\temp\{2eedb09f-eaee-4a90-a15d-c93cb94a2f93}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{A8F91888-FF83-474A-AE0A-7D141E8657CF}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | 
"{BBF4ECD3-650A-4F5F-8DF2-5E3D28E887FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BE6155BA-EA4A-4C0A-8033-7FBCF70CA17E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C0F3C0BD-A1DF-4F66-A594-33A9BC871642}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{C2507D43-F4C7-4B88-A060-6AA614E2C1EA}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{C93E9E1A-BCDD-4E0D-9B89-00C3F5A1ED2D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{CAEDA296-12AF-4E23-9571-0C45CC0BA845}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CBB1B5F6-897F-498A-94DE-686BE00CA2AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CDFF6154-A3FA-47C2-975B-15EDCAD23AC6}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | 
"{D2B2A52E-2F79-4454-A306-830697C1C6CF}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{D5C36848-6EDB-47DB-9C83-693327FCCFF7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{E051B44F-80F0-47C2-B643-FE84F92FB75A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{E37C02E3-AC80-4868-9988-7063BAEF82A3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{E65290A9-92B4-4DA8-9BF1-F3DF1E0BCF37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E9B23B4E-3FB5-41AC-A35F-2B121D2C9A26}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F2054B30-7649-4BF9-B93F-BBE692100F4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F30268EC-CAE1-49AF-B5C4-63F5A2246E0D}" = dir=in | app=c:\program files\airport\apagent.exe | 
"{F5457762-44C0-4708-AFE4-5F9B89F4B333}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F7262E47-9492-4421-8051-7138901C92D0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{FDE00EB9-C5E3-4C21-96C1-DC9C94101AB7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01144BEA-886C-067C-5879-4773516F9A8F}" = Catalyst Control Center Graphics Previews Vista
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FC27548-D4DB-8039-456B-D9E743FEF86F}" = CCC Help English
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E18D88A-5067-324B-382C-9166D4388ED0}" = ccc-core-static
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B07D8FE-CC01-23CE-3961-751687074E54}" = Catalyst Control Center Graphics Previews Common
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F817DD0-D103-196F-5D63-365DC87B43EE}" = Catalyst Control Center HydraVision Full
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DDF7334-8CCD-4077-86B7-8D8E6E0AAB5D}" = Tweaker for Outlook Express
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FE1465B-059A-420D-A884-D28B84F910A3}" = Brother HL-2170W
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90aa6430-6a3a-4f3a-a15d-ed5ed74752cc}" = Nero 9 Essentials
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9903001D-2728-9D9B-3D8B-F593A502A972}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B535DA73-AAD1-51E8-9232-9358D2A20E9B}" = Catalyst Control Center Graphics Full Existing
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{C91BC5DF-C6BD-388B-FEB8-2721B9D5C97B}" = Catalyst Control Center Core Implementation
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{D575E1CA-56BB-2944-744E-E7CD1EDB9C82}" = Catalyst Control Center Graphics Full New
"{D6AAE701-6EA9-FAA1-AB38-227AA94531A1}" = Catalyst Control Center Graphics Light
"{D8508208-4591-2964-3DDB-16A4BE871230}" = ccc-utility
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.18.0001
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11
"{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Auto Update Service" = Canon Auto Update Service
"AVG" = AVG 2011
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DPP" = Canon Utilities Digital Photo Professional 3.11
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FreeCommander_is1" = FreeCommander 2009.02b
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Kachelofenberechnung Basic 1.0_is1" = Kachelofenberechnung Basic 1.0
"MapUtility" = Canon Utilities Map Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel(R) Network Connections Drivers
"ViceVersa Pro 2_is1" = ViceVersa Pro 2 (Build 2.0.0.9)
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2012 06:55:06 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\TerraTec\Remote\TTTvRc.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.07.2012 06:55:07 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 11.07.2012 07:08:56 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 11.07.2012 07:09:31 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 11.07.2012 07:10:23 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\TerraTec\Remote\TTTvRc.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.07.2012 07:10:24 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 12.07.2012 06:05:15 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12.07.2012 06:05:27 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 12.07.2012 06:06:11 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\TerraTec\Remote\TTTvRc.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.07.2012 06:06:11 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
[ OSession Events ]
Error - 05.09.2011 10:51:43 | Computer Name = WernerBeyer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5782
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.07.2012 12:34:55 | Computer Name = WernerBeyer-PC | Source = bowser | ID = 8003
Description = 
 
Error - 31.07.2012 02:50:46 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.07.2012 12:22:20 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.07.2012 12:51:24 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.07.2012 12:55:23 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.07.2012 13:05:17 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.07.2012 13:08:21 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.07.2012 13:36:04 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 02.08.2012 10:03:19 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 02.08.2012 10:13:33 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
Oh yeah, and .. can anyone tell me how you pick this thing up? So far I had only seen it on XP, but now here on W7 32-bit too.
Does it come in through a hole in IE8/9, or is there no way at all to protect yourself against it?

Thanks for all tips!

 
