| |
| |||||||
Log-Analyse und Auswertung: Malwarebytes hat pup.dealio.tb gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.11.2012, 07:54
| #16 |
 |  Malwarebytes hat pup.dealio.tb gefunden Mein Sohn hat es gut gemeint, entschuldige das Missgeschick.
__________________  Gestern hab ich mir das Internet runtergeladen |
|
15.11.2012, 17:20
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malwarebytes hat pup.dealio.tb gefunden Das Spybot-Zeug verzerrt ein wenig das Log.
__________________Starte Windows bitte neu und wiederhol den letzten Schritt mit OTL bitte
__________________ |
|
15.11.2012, 20:15
| #18 |
| | Malwarebytes hat pup.dealio.tb gefundenCode:
ATTFilter OTL logfile created on: 15.11.2012 20:09:06 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 67,64% Memory free 6,49 Gb Paging File | 5,40 Gb Available in Paging File | 83,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 281,90 Gb Total Space | 194,11 Gb Free Space | 68,86% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\msr\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Users\msr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll () MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (DiinoService) -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BrcmMgmtAgent) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys () DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.) DRV - (vmkbd2) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (netvsc) -- C:\Windows\System32\drivers\netvsc60.sys (Microsoft Corporation) DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (SynthVid) -- C:\Windows\System32\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.) DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation) DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTDVHDA.sys (Realtek Semiconductor Corp.) DRV - (GenericMount) -- C:\Windows\System32\drivers\GenericMount.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{53F523B2-D321-4573-A360-0526DE565B7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 15:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 20:54:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.25 16:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions [2012.11.04 20:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\extensions [2012.07.30 14:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 20:54:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.04 20:54:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.07 00:40:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Diino 5] C:\Users\msr\AppData\Roaming\Diino\DiinoLauncher.exe () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingA1170] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA129] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1326] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1353] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA15] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1824] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1913] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2081] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2181] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2390] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA252] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2736] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2851] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2946] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA3646] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA3755] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA4170] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA4714] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA5833] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA609] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA618] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6318] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6420] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6704] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6748] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6857] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7125] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7127] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7423] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7515] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7862] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7899] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8008] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8340] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8431] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8592] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8913] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9113] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9336] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9339] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9621] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9731] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9738] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingC1078] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1249] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1291] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1472] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC2033] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC2810] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3008] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3044] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3336] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4048] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC431] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4542] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4550] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4618] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4794] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5066] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5095] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5340] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5544] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5612] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5635] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5709] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC630] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC6520] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC663] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC6923] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7333] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7459] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7464] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7753] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC777] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8046] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8119] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8337] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8555] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8586] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8628] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8757] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8941] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8997] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9011] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9552] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9646] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [Report] \AdwCleaner[S1].txt () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1143] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1299] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1318] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1325] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1509] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1609] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1743] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1969] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2008] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2043] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2128] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3168] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3192] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3273] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3303] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3358] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3532] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3661] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3704] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3895] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4135] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4253] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4782] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5615] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5731] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5860] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6677] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6817] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6992] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7482] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7799] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7818] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7938] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8095] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8180] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB832] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8572] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8596] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8614] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB870] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8743] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9326] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9339] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1135] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1243] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1598] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1664] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1796] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2087] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2174] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2326] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2410] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2732] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD293] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3101] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3672] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3822] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4415] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4651] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5156] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5227] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5993] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6036] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6049] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6162] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6170] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6194] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6314] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6405] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6817] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7465] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7473] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7594] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7751] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7755] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8215] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8536] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8653] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8934] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9018] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9264] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9488] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9605] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9636] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9694] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9957] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\msr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..Trusted Domains: localhost ([]http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B466B2-28D1-4E4D-8E5C-A2777040F99C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2DC81A6C-FA93-11E0-89AC-806E6F6E6963}\bootwiz\asrm.bin) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 20:10:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.14 20:09:20 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.14 20:09:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.14 20:08:59 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.14 20:08:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.14 20:08:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.14 20:08:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.14 20:08:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.14 20:08:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.14 20:08:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.14 20:08:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.14 20:08:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.14 20:08:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.14 20:08:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.14 08:47:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.14 08:47:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.14 08:47:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.14 08:47:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.14 08:47:03 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.14 08:46:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.14 08:46:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.07 00:40:19 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.05 23:05:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.04 20:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.04 20:32:43 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:43 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:33 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 18:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.04 17:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.11.04 17:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.11.03 17:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.03 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.31 08:31:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL [2012.10.31 08:31:50 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2012.10.31 08:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} ========== Files - Modified Within 30 Days ========== [2012.11.15 20:11:09 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 20:11:09 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 20:03:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.15 20:03:30 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.15 18:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.15 17:12:10 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 20:13:15 | 000,712,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.14 20:13:15 | 000,666,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.14 20:13:15 | 000,153,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.14 20:13:15 | 000,126,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.07 00:40:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.11.05 23:04:57 | 332,920,021 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:32:26 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 20:32:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.04 20:32:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.04 20:32:22 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:22 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.04 20:12:59 | 000,003,488 | ---- | M] () -- C:\Windows\wininit.ini [2012.11.04 18:57:42 | 000,001,240 | ---- | M] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy (for blind users).lnk [2012.11.04 18:57:42 | 000,001,218 | ---- | M] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk [2012.11.04 17:49:54 | 000,027,976 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.04 17:48:28 | 000,001,024 | ---- | M] () -- C:\Windows\System32\.crusader [2012.11.03 17:39:43 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable [2012.11.02 19:39:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 08:30:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files Created - No Company Name ========== [2012.11.14 20:09:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 20:08:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.05 23:04:57 | 332,920,021 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:12:52 | 000,003,488 | ---- | C] () -- C:\Windows\wininit.ini [2012.11.04 18:57:42 | 000,001,240 | ---- | C] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy (for blind users).lnk [2012.11.04 18:57:42 | 000,001,218 | ---- | C] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk [2012.11.04 17:48:28 | 000,001,024 | ---- | C] () -- C:\Windows\System32\.crusader [2012.11.04 17:42:58 | 000,027,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.03 17:39:43 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable [2012.10.31 08:30:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2012.05.22 07:19:05 | 000,000,016 | ---- | C] () -- C:\Windows\GRAMCard.ini [2012.03.06 03:49:55 | 000,016,954 | ---- | C] () -- C:\Windows\System32\BradyTranslations.ini [2011.11.06 17:11:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2011.11.06 15:12:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.10.25 17:13:59 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll [2011.10.20 06:35:05 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2011.10.20 06:35:05 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.20 06:35:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2011.10.19 21:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.21 01:46:14 | 000,712,192 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,153,262 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.11.2012 20:09:06 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 67,64% Memory free
6,49 Gb Paging File | 5,40 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,90 Gb Total Space | 194,11 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4704C3-7B42-4D15-894B-4C49C66A0355}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10C03517-E44F-452B-B7CA-7698D6C79419}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{1A44387F-0DB4-4468-A4D4-D443DAB22CD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F452FA4-9060-486E-98C3-74D05565476E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D904129-9661-456E-AA98-B22F72E0D6E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{413BABF0-6CA4-46AF-A82A-17158B9EBC14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{426F4A77-E045-4A8E-AA69-47D4C3F6D963}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47DBBAE2-78AE-4E8D-9E85-14EB5330954E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{549D28B0-19A9-4404-A90B-3A51AC9848B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72CDCF94-EE84-4A4E-A6B4-5E5AA1D32FA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{758454C0-7B33-46C0-8764-834B51C349B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{80EB5828-D6B9-4838-A798-24A05B5745EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{846C4D50-BDAC-4294-B9B9-6A8FB0778375}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89BC5888-FA98-45E8-B30D-C4102D59061C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B2A1008-8988-44B6-A3A9-8F756D813DF5}" = rport=137 | protocol=17 | dir=out | app=system |
"{9CA6EFDB-F7ED-4735-94F3-0189B6B5563D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F5EAC7D-9519-4D3B-8EA2-72958264CAB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A02DAE5A-DCBE-4816-AE11-E04FA5159B74}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{A78AF99B-1E3C-4D2C-9C00-7B24A8681194}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AF10C3FC-C8E8-48E8-93F5-CD697A6DDB7A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4EB1796-3C1D-42E3-8985-E0281D6E637F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C64148E7-8266-4E96-AA11-9AF7C2E914CF}" = lport=7071 | protocol=17 | dir=in | name=loxoneminiserversearchanswer |
"{DAF48259-9895-4012-BACB-AE81E712AFDC}" = lport=7070 | protocol=17 | dir=in | name=loxoneminiserversearch |
"{DB4A09C3-F183-492D-A2AE-706214A502DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD6663A6-9B18-4BAD-ACDC-832DCF1AF9A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFC181D6-6C25-455B-9DDE-0BEF8BEDDED3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD1DF68D-DA99-4B06-8192-A75E3DA38FAB}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC14C1-6F92-47CD-83C9-5BE293D7D6DB}" = protocol=17 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{073099D5-B6CB-4583-92AA-A5D99C22E811}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{0DFE3540-D2E6-4A93-A703-10DF8656CACA}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{0FDC9713-E75C-4411-B219-F39148070833}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21FDA86F-7C85-4499-9B38-C59FFF23828D}" = protocol=6 | dir=out | app=system |
"{36B9706E-18BD-4CB5-8A84-ED5CD2FBAFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C96FD18-E37A-4012-B63B-CBA3BE2FE252}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42E46A8C-B7CB-4CD8-9B1E-F32B550D678A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{54D34425-8AC2-49E5-A8AD-38A99904B0CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{589753BA-28A6-4EFE-8F10-2448C2D5D9BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D631953-D882-43B8-836B-2A669B285498}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{665EFE42-0003-4DF4-B6BC-AA235609F10F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6ED6F8CE-BADF-4C70-B8AF-4C996E2AA4E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70627151-16D2-446D-990E-85577F22CCD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BF3623A-FAB4-46A0-9DB3-CD7E38C2BF6B}" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{8362CF04-2744-46B2-A8B8-DD7B09EC1548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C461833-188E-45F2-8105-DE86137BF384}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6EA5C56-F395-4BB0-ACE3-18A72D9A417F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A8A69CD0-DBE5-43BE-AD83-1CF6FD28F83A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AB6FDA47-1B8C-4824-A535-8E40A820D5ED}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{C1341D73-02CD-4D86-ABC7-13A14D8C07A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C60C74D8-0DB8-410D-81D5-3F05D75732D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CD9BB431-F569-48FE-853E-D8ABCF8B77FF}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{D389C213-BB18-44AC-9DC6-B20BFC0E9289}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4BAA1FB-0D1A-4B3B-849B-1306C37782A2}" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{EA62C671-3330-4096-AAF0-F0FD05443689}" = protocol=6 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED1209B4-B3FA-4944-AA02-7879052BB83A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F171DF75-3B87-4354-B469-A0437AA84BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2AB2ADC-B315-483D-BBB3-8A636E9E8E98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9559637-9E35-4932-BB64-16EF3E268510}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA544C0A-452C-4339-8D26-9AF629A1351E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF6B9B45-C6B8-43C7-AF0C-9C1254C48C82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{83907A66-B654-4142-B41F-8FB1EF3D06FB}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{A1CFD68E-E745-4D06-B6BA-428D1DC3B48A}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"TCP Query User{E29872B9-F290-4BE3-B7CB-1203AB4877C9}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{EF17FDD0-7FB5-4174-B83E-AB8F90390253}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{3E139840-8504-48CC-B269-F2B63351EFF5}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{45029AEB-56AD-45AB-9504-A47EBCCA4853}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{88AE95CB-60C1-4DA6-9112-B15696C0A2C6}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{F3F1FE03-3419-46F0-973F-8E36B4F0981F}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000223-40C1-2701-0100-000001000000}" = Siemens Manual Collection (SR)
"{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy
"{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian
"{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese
"{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech
"{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean
"{8707E615-B513-444E-B5A9-1D2DC4E593FC}" = InsideIR4.0
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A523B6C0-E70F-4FA1-933D-DA04971F607F}" = VmciSockets
"{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56C44D8-6D46-E9D0-D0D8-11E796D9B6FA}" = ccc-utility
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light
"{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation
"{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian
"{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1032F4F-8EFC-479B-8912-827F24785A4C}" = EPLAN Electric P8 2.1
"{E300D0B0-9B51-4E5A-9025-D987AD6FFCB3}" = EPLAN Platform Addon 2.1
"{E310B68E-5664-4E7A-88E3-E2B993385BDF}" = EPLAN Electric P8 Addon 2.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3FACBAC-8787-46FC-9AAA-B0270AC815DC}" = EPLAN Platform 2.1
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA2B5971-E0B9-4D01-B732-88768933543E}" = EPLAN Data Archive Zipped
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French
"{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BackUp Maker_is1" = BackUp Maker v6.3
"EPLAN Electric P8 2.1" = EPLAN Electric P8 2.1
"HFSExplorer" = HFSExplorer 0.21
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"LoxPLAN_is1" = Loxone Config
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MarkWare3.9.0" = MarkWare
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VMware_Player" = VMware Player
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diino 5" = Diino 5
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.10.2012 04:05:18 | Computer Name = Optiplex380 | Source = MsiInstaller | ID = 11704
Description =
Error - 31.10.2012 04:07:58 | Computer Name = Optiplex380 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =
Error - 31.10.2012 04:09:24 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 01.11.2012 04:44:10 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 01.11.2012 15:10:02 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1006
Description =
Error - 02.11.2012 02:42:21 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 02.11.2012 10:35:25 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 02.11.2012 14:54:02 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 02.11.2012 15:23:01 | Computer Name = Optiplex380 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.290.11, Zeitstempel:
0x4e897ca0 Name des fehlerhaften Moduls: java.dll, Version: 6.0.290.11, Zeitstempel:
0x4e89b321 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004e0a ID des fehlerhaften Prozesses:
0xee8 Startzeit der fehlerhaften Anwendung: 0x01cdb92f73391a5a Pfad der fehlerhaften
Anwendung: C:\Program Files\Java\jre6\bin\javaw.exe Pfad des fehlerhaften Moduls:
C:\Program Files\Java\jre6\bin\java.dll Berichtskennung: b70506c6-2522-11e2-8720-005056c00008
Error - 02.11.2012 15:23:11 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 04.11.2012 12:50:17 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.6 Crusader (Boot)" wurde mit folgendem dienstspezifischem
Fehler beendet: %%0.
Error - 05.11.2012 18:05:00 | Computer Name = Optiplex380 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?11.?2012 um 23:03:32 unerwartet heruntergefahren.
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = hasplms | ID = 458755
Description = ERROR: 2012-11-05 23:05:05 [2096] Time is unreliable
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = BugCheck | ID = 1001
Description =
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = hasplms | ID = 458755
Description = ERROR: 2012-11-05 23:05:05 [2096] Abort requested
Error - 05.11.2012 18:05:33 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
VMware Authorization Service erreicht.
Error - 05.11.2012 18:05:33 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VMware Authorization Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 05.11.2012 18:05:40 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7034
Description = Dienst "Sentinel HASP License Manager" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 06.11.2012 19:40:19 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 08.11.2012 18:04:04 | Computer Name = Optiplex380 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
< End of report >
__________________ |
|
15.11.2012, 22:42
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden Hast du Windows nicht neu gestartet vorher?  Die Einträge sind da immer noch und AFAIK sollten die beim nächsten Reboot weg sein
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.11.2012, 17:56
| #20 |
| | Malwarebytes hat pup.dealio.tb gefunden Ich hab Windows neu gestartet. Windows hat beim runterfahren auch Updates installiert.
__________________ Gestern hab ich mir das Internet runtergeladen |
|
16.11.2012, 19:23
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden Deinstallier bitte Spybot KOMPLETT. Das Teil ist eh unbrauchbar bis wirkungslos. Starte Windows wieder neu und mach danach wieder ein neues OTL-Log.
__________________ --> Malwarebytes hat pup.dealio.tb gefunden |
|
16.11.2012, 21:14
| #22 |
| | Malwarebytes hat pup.dealio.tb gefundenCode:
ATTFilter OTL logfile created on: 16.11.2012 21:06:54 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,33% Memory free 6,49 Gb Paging File | 5,40 Gb Available in Paging File | 83,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 281,90 Gb Total Space | 194,40 Gb Free Space | 68,96% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\msr\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Users\msr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll () MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (DiinoService) -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BrcmMgmtAgent) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys () DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.) DRV - (vmkbd2) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (netvsc) -- C:\Windows\System32\drivers\netvsc60.sys (Microsoft Corporation) DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (SynthVid) -- C:\Windows\System32\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.) DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation) DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTDVHDA.sys (Realtek Semiconductor Corp.) DRV - (GenericMount) -- C:\Windows\System32\drivers\GenericMount.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{53F523B2-D321-4573-A360-0526DE565B7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 15:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 20:54:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.25 16:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions [2012.11.04 20:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\extensions [2012.07.30 14:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 20:54:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.04 20:54:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.07 00:40:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Diino 5] C:\Users\msr\AppData\Roaming\Diino\DiinoLauncher.exe () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingA1170] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA129] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1326] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1353] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA15] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1824] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1913] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2081] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2181] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2390] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA252] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2736] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2851] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2946] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA3646] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA3755] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA4170] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA4714] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA5833] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA609] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA618] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6318] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6420] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6704] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6748] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6857] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7125] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7127] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7423] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7515] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7862] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7899] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8008] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8340] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8431] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8592] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8913] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9113] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9336] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9339] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9621] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9731] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9738] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingC1078] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1249] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1291] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1472] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC2033] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC2810] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3008] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3044] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3336] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4048] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC431] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4542] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4550] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4618] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4794] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5066] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5095] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5340] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5544] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5612] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5635] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5709] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC630] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC6520] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC663] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC6923] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7333] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7459] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7464] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7753] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC777] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8046] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8119] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8337] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8555] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8586] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8628] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8757] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8941] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8997] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9011] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9552] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9646] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [Report] \AdwCleaner[S1].txt () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1143] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1299] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1318] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1325] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1509] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1609] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1743] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1969] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2008] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2043] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2128] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3168] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3192] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3273] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3303] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3358] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3532] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3661] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3704] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3895] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4135] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4253] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4782] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5615] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5731] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5860] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6677] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6817] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6992] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7482] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7799] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7818] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7938] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8095] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8180] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB832] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8572] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8596] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8614] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB870] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8743] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9326] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9339] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1135] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1243] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1598] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1664] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1796] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2087] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2174] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2326] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2410] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2732] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD293] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3101] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3672] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3822] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4415] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4651] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5156] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5227] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5993] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6036] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6049] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6162] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6170] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6194] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6314] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6405] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6817] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7465] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7473] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7594] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7751] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7755] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8215] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8536] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8653] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8934] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9018] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9264] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9488] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9605] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9636] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9694] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9957] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\msr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..Trusted Domains: localhost ([]http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B466B2-28D1-4E4D-8E5C-A2777040F99C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2DC81A6C-FA93-11E0-89AC-806E6F6E6963}\bootwiz\asrm.bin) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 20:10:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.14 20:09:20 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.14 20:09:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.14 20:08:59 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.14 20:08:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.14 20:08:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.14 20:08:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.14 20:08:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.14 20:08:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.14 20:08:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.14 20:08:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.14 20:08:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.14 20:08:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.14 20:08:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.14 08:47:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.14 08:47:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.14 08:47:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.14 08:47:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.14 08:47:03 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.14 08:46:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.14 08:46:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.07 00:40:19 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.05 23:05:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.04 20:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.04 20:32:43 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:43 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:33 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.04 17:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.11.04 17:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.11.03 17:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.03 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.31 08:31:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL [2012.10.31 08:31:50 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2012.10.31 08:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} ========== Files - Modified Within 30 Days ========== [2012.11.16 21:03:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.16 21:03:39 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.16 20:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.16 18:37:29 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 18:37:29 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 17:12:10 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 20:13:15 | 000,712,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.14 20:13:15 | 000,666,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.14 20:13:15 | 000,153,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.14 20:13:15 | 000,126,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.07 00:40:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.11.05 23:04:57 | 332,920,021 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:32:26 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 20:32:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.04 20:32:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.04 20:32:22 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:22 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.04 20:12:59 | 000,003,488 | ---- | M] () -- C:\Windows\wininit.ini [2012.11.04 17:49:54 | 000,027,976 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.04 17:48:28 | 000,001,024 | ---- | M] () -- C:\Windows\System32\.crusader [2012.11.03 17:39:43 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable [2012.11.02 19:39:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 08:30:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files Created - No Company Name ========== [2012.11.14 20:09:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 20:08:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.05 23:04:57 | 332,920,021 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:12:52 | 000,003,488 | ---- | C] () -- C:\Windows\wininit.ini [2012.11.04 17:48:28 | 000,001,024 | ---- | C] () -- C:\Windows\System32\.crusader [2012.11.04 17:42:58 | 000,027,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.03 17:39:43 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable [2012.10.31 08:30:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2012.05.22 07:19:05 | 000,000,016 | ---- | C] () -- C:\Windows\GRAMCard.ini [2012.03.06 03:49:55 | 000,016,954 | ---- | C] () -- C:\Windows\System32\BradyTranslations.ini [2011.11.06 17:11:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2011.11.06 15:12:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.10.25 17:13:59 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll [2011.10.20 06:35:05 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2011.10.20 06:35:05 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.20 06:35:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2011.10.19 21:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.21 01:46:14 | 000,712,192 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,153,262 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.11.2012 21:06:54 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,33% Memory free
6,49 Gb Paging File | 5,40 Gb Available in Paging File | 83,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,90 Gb Total Space | 194,40 Gb Free Space | 68,96% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4704C3-7B42-4D15-894B-4C49C66A0355}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10C03517-E44F-452B-B7CA-7698D6C79419}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{1A44387F-0DB4-4468-A4D4-D443DAB22CD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F452FA4-9060-486E-98C3-74D05565476E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D904129-9661-456E-AA98-B22F72E0D6E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{413BABF0-6CA4-46AF-A82A-17158B9EBC14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{426F4A77-E045-4A8E-AA69-47D4C3F6D963}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47DBBAE2-78AE-4E8D-9E85-14EB5330954E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{549D28B0-19A9-4404-A90B-3A51AC9848B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72CDCF94-EE84-4A4E-A6B4-5E5AA1D32FA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{758454C0-7B33-46C0-8764-834B51C349B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{80EB5828-D6B9-4838-A798-24A05B5745EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{846C4D50-BDAC-4294-B9B9-6A8FB0778375}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89BC5888-FA98-45E8-B30D-C4102D59061C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B2A1008-8988-44B6-A3A9-8F756D813DF5}" = rport=137 | protocol=17 | dir=out | app=system |
"{9CA6EFDB-F7ED-4735-94F3-0189B6B5563D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F5EAC7D-9519-4D3B-8EA2-72958264CAB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A02DAE5A-DCBE-4816-AE11-E04FA5159B74}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{A78AF99B-1E3C-4D2C-9C00-7B24A8681194}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AF10C3FC-C8E8-48E8-93F5-CD697A6DDB7A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4EB1796-3C1D-42E3-8985-E0281D6E637F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C64148E7-8266-4E96-AA11-9AF7C2E914CF}" = lport=7071 | protocol=17 | dir=in | name=loxoneminiserversearchanswer |
"{DAF48259-9895-4012-BACB-AE81E712AFDC}" = lport=7070 | protocol=17 | dir=in | name=loxoneminiserversearch |
"{DB4A09C3-F183-492D-A2AE-706214A502DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD6663A6-9B18-4BAD-ACDC-832DCF1AF9A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFC181D6-6C25-455B-9DDE-0BEF8BEDDED3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD1DF68D-DA99-4B06-8192-A75E3DA38FAB}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC14C1-6F92-47CD-83C9-5BE293D7D6DB}" = protocol=17 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{073099D5-B6CB-4583-92AA-A5D99C22E811}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{0DFE3540-D2E6-4A93-A703-10DF8656CACA}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{0FDC9713-E75C-4411-B219-F39148070833}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21FDA86F-7C85-4499-9B38-C59FFF23828D}" = protocol=6 | dir=out | app=system |
"{36B9706E-18BD-4CB5-8A84-ED5CD2FBAFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C96FD18-E37A-4012-B63B-CBA3BE2FE252}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42E46A8C-B7CB-4CD8-9B1E-F32B550D678A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{54D34425-8AC2-49E5-A8AD-38A99904B0CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{589753BA-28A6-4EFE-8F10-2448C2D5D9BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D631953-D882-43B8-836B-2A669B285498}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{665EFE42-0003-4DF4-B6BC-AA235609F10F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6ED6F8CE-BADF-4C70-B8AF-4C996E2AA4E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70627151-16D2-446D-990E-85577F22CCD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BF3623A-FAB4-46A0-9DB3-CD7E38C2BF6B}" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{8362CF04-2744-46B2-A8B8-DD7B09EC1548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C461833-188E-45F2-8105-DE86137BF384}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6EA5C56-F395-4BB0-ACE3-18A72D9A417F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A8A69CD0-DBE5-43BE-AD83-1CF6FD28F83A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AB6FDA47-1B8C-4824-A535-8E40A820D5ED}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{C1341D73-02CD-4D86-ABC7-13A14D8C07A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C60C74D8-0DB8-410D-81D5-3F05D75732D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CD9BB431-F569-48FE-853E-D8ABCF8B77FF}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{D389C213-BB18-44AC-9DC6-B20BFC0E9289}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4BAA1FB-0D1A-4B3B-849B-1306C37782A2}" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{EA62C671-3330-4096-AAF0-F0FD05443689}" = protocol=6 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED1209B4-B3FA-4944-AA02-7879052BB83A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F171DF75-3B87-4354-B469-A0437AA84BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2AB2ADC-B315-483D-BBB3-8A636E9E8E98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9559637-9E35-4932-BB64-16EF3E268510}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA544C0A-452C-4339-8D26-9AF629A1351E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF6B9B45-C6B8-43C7-AF0C-9C1254C48C82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{83907A66-B654-4142-B41F-8FB1EF3D06FB}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{A1CFD68E-E745-4D06-B6BA-428D1DC3B48A}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"TCP Query User{E29872B9-F290-4BE3-B7CB-1203AB4877C9}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{EF17FDD0-7FB5-4174-B83E-AB8F90390253}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{3E139840-8504-48CC-B269-F2B63351EFF5}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{45029AEB-56AD-45AB-9504-A47EBCCA4853}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{88AE95CB-60C1-4DA6-9112-B15696C0A2C6}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{F3F1FE03-3419-46F0-973F-8E36B4F0981F}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000223-40C1-2701-0100-000001000000}" = Siemens Manual Collection (SR)
"{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy
"{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian
"{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese
"{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech
"{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean
"{8707E615-B513-444E-B5A9-1D2DC4E593FC}" = InsideIR4.0
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A523B6C0-E70F-4FA1-933D-DA04971F607F}" = VmciSockets
"{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B56C44D8-6D46-E9D0-D0D8-11E796D9B6FA}" = ccc-utility
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light
"{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation
"{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian
"{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1032F4F-8EFC-479B-8912-827F24785A4C}" = EPLAN Electric P8 2.1
"{E300D0B0-9B51-4E5A-9025-D987AD6FFCB3}" = EPLAN Platform Addon 2.1
"{E310B68E-5664-4E7A-88E3-E2B993385BDF}" = EPLAN Electric P8 Addon 2.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3FACBAC-8787-46FC-9AAA-B0270AC815DC}" = EPLAN Platform 2.1
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA2B5971-E0B9-4D01-B732-88768933543E}" = EPLAN Data Archive Zipped
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French
"{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BackUp Maker_is1" = BackUp Maker v6.3
"EPLAN Electric P8 2.1" = EPLAN Electric P8 2.1
"HFSExplorer" = HFSExplorer 0.21
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"LoxPLAN_is1" = Loxone Config
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MarkWare3.9.0" = MarkWare
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VMware_Player" = VMware Player
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diino 5" = Diino 5
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.11.2012 04:44:10 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 01.11.2012 15:10:02 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1006
Description =
Error - 02.11.2012 02:42:21 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 02.11.2012 10:35:25 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 02.11.2012 14:54:02 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 02.11.2012 15:23:01 | Computer Name = Optiplex380 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.290.11, Zeitstempel:
0x4e897ca0 Name des fehlerhaften Moduls: java.dll, Version: 6.0.290.11, Zeitstempel:
0x4e89b321 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004e0a ID des fehlerhaften Prozesses:
0xee8 Startzeit der fehlerhaften Anwendung: 0x01cdb92f73391a5a Pfad der fehlerhaften
Anwendung: C:\Program Files\Java\jre6\bin\javaw.exe Pfad des fehlerhaften Moduls:
C:\Program Files\Java\jre6\bin\java.dll Berichtskennung: b70506c6-2522-11e2-8720-005056c00008
Error - 02.11.2012 15:23:11 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 03.11.2012 05:25:31 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 03.11.2012 10:16:07 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 03.11.2012 10:23:30 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 08.11.2012 18:14:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst MMCSS erreicht.
Error - 08.11.2012 18:14:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Multimediaklassenplaner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.11.2012 18:14:30 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst gpsvc erreicht.
Error - 08.11.2012 18:15:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 08.11.2012 18:15:03 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Acronis Nonstop Backup-Dienst konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 08.11.2012 18:15:30 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst MMCSS erreicht.
Error - 08.11.2012 18:15:30 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Multimediaklassenplaner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.11.2012 18:15:36 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Broadcom Management Agent konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 08.11.2012 18:16:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst wuauserv erreicht.
Error - 08.11.2012 18:16:06 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst avast! Antivirus erreicht.
< End of report >
__________________ Gestern hab ich mir das Internet runtergeladen |
|
16.11.2012, 22:36
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden Die Einträge sind da immer noch. Du sagtest dein Sohn hätte das gemacht? Mit welchem Benutzerkonto tat er dies?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2012, 01:09
| #24 |
| | Malwarebytes hat pup.dealio.tb gefunden Es gibt 2 Konten, admin (volle Rechte) und msr (eingeschränkte Rechte) Es wird immer unter msr gearbeitet bzw. damit ins Internet gegangen. Aber spybot wurde unter msr installiert mit Abfrage des Admin Passwortes.
__________________ Gestern hab ich mir das Internet runtergeladen |
|
17.11.2012, 14:45
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden D.h. du loggst dich nie als User "Admin" ein? Wenn ja, wäre das wohl der Fehler
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2012, 19:18
| #26 |
| | Malwarebytes hat pup.dealio.tb gefunden Ich log mich immer als msr ein.
__________________ Gestern hab ich mir das Internet runtergeladen |
|
17.11.2012, 22:31
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden Ja und du musst doch mal als "admin" einloggen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2012, 23:17
| #28 |
| | Malwarebytes hat pup.dealio.tb gefunden Nur einloggen oder auch OTL ausführen?
__________________ Gestern hab ich mir das Internet runtergeladen |
|
17.11.2012, 23:31
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden Erstmal einloggen, abwaren - dann runterfahren und wieder mit "admin" einloggen. Dann bite ein neues OT-Log machen als "admin"
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.11.2012, 00:08
| #30 |
| | Malwarebytes hat pup.dealio.tb gefundenCode:
ATTFilter OTL logfile created on: 17.11.2012 23:53:28 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,55% Memory free 6,49 Gb Paging File | 5,58 Gb Available in Paging File | 85,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 281,90 Gb Total Space | 193,97 Gb Free Space | 68,81% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\msr\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll () MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (DiinoService) -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BrcmMgmtAgent) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys () DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.) DRV - (vmkbd2) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (netvsc) -- C:\Windows\System32\drivers\netvsc60.sys (Microsoft Corporation) DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (SynthVid) -- C:\Windows\System32\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.) DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation) DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTDVHDA.sys (Realtek Semiconductor Corp.) DRV - (GenericMount) -- C:\Windows\System32\drivers\GenericMount.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{53F523B2-D321-4573-A360-0526DE565B7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 15:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 20:54:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.25 16:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions [2012.11.04 20:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\extensions [2012.07.30 14:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 20:54:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.04 20:54:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.07 00:40:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\msr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B466B2-28D1-4E4D-8E5C-A2777040F99C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2DC81A6C-FA93-11E0-89AC-806E6F6E6963}\bootwiz\asrm.bin) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 20:10:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.14 20:09:20 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.14 20:09:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.14 20:08:59 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.14 20:08:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.14 20:08:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.14 20:08:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.14 20:08:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.14 20:08:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.14 20:08:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.14 20:08:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.14 20:08:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.14 20:08:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.14 20:08:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.14 08:47:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.14 08:47:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.14 08:47:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.14 08:47:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.14 08:47:03 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.14 08:46:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.14 08:46:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.07 00:40:19 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.05 23:05:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.04 20:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.04 20:32:43 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:43 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:33 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.04 17:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.11.04 17:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.11.03 17:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.03 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.31 08:31:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL [2012.10.31 08:31:50 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2012.10.31 08:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} ========== Files - Modified Within 30 Days ========== [2012.11.17 23:52:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.17 23:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.17 23:51:27 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 23:50:54 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 23:50:54 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 17:12:10 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 20:13:15 | 000,712,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.14 20:13:15 | 000,666,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.14 20:13:15 | 000,153,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.14 20:13:15 | 000,126,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.07 00:40:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.11.05 23:04:57 | 332,920,021 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:32:26 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 20:32:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.04 20:32:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.04 20:32:22 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:22 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.04 20:12:59 | 000,003,488 | ---- | M] () -- C:\Windows\wininit.ini [2012.11.04 17:49:54 | 000,027,976 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.04 17:48:28 | 000,001,024 | ---- | M] () -- C:\Windows\System32\.crusader [2012.11.03 17:39:43 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable [2012.11.02 19:39:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 08:30:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf ========== Files Created - No Company Name ========== [2012.11.14 20:09:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 20:08:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.05 23:04:57 | 332,920,021 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:12:52 | 000,003,488 | ---- | C] () -- C:\Windows\wininit.ini [2012.11.04 17:48:28 | 000,001,024 | ---- | C] () -- C:\Windows\System32\.crusader [2012.11.04 17:42:58 | 000,027,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.03 17:39:43 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable [2012.10.31 08:30:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2012.05.22 07:19:05 | 000,000,016 | ---- | C] () -- C:\Windows\GRAMCard.ini [2012.03.06 03:49:55 | 000,016,954 | ---- | C] () -- C:\Windows\System32\BradyTranslations.ini [2011.11.06 17:11:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2011.11.06 15:12:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.10.25 17:13:59 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll [2011.10.20 06:35:05 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2011.10.20 06:35:05 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.20 06:35:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2011.10.19 21:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.21 01:46:14 | 000,712,192 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,153,262 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.11.2012 23:53:28 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,55% Memory free
6,49 Gb Paging File | 5,58 Gb Available in Paging File | 85,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,90 Gb Total Space | 193,97 Gb Free Space | 68,81% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4704C3-7B42-4D15-894B-4C49C66A0355}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10C03517-E44F-452B-B7CA-7698D6C79419}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{1A44387F-0DB4-4468-A4D4-D443DAB22CD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F452FA4-9060-486E-98C3-74D05565476E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D904129-9661-456E-AA98-B22F72E0D6E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{413BABF0-6CA4-46AF-A82A-17158B9EBC14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{426F4A77-E045-4A8E-AA69-47D4C3F6D963}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47DBBAE2-78AE-4E8D-9E85-14EB5330954E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{549D28B0-19A9-4404-A90B-3A51AC9848B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72CDCF94-EE84-4A4E-A6B4-5E5AA1D32FA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{758454C0-7B33-46C0-8764-834B51C349B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{80EB5828-D6B9-4838-A798-24A05B5745EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{846C4D50-BDAC-4294-B9B9-6A8FB0778375}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89BC5888-FA98-45E8-B30D-C4102D59061C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B2A1008-8988-44B6-A3A9-8F756D813DF5}" = rport=137 | protocol=17 | dir=out | app=system |
"{9CA6EFDB-F7ED-4735-94F3-0189B6B5563D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F5EAC7D-9519-4D3B-8EA2-72958264CAB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A02DAE5A-DCBE-4816-AE11-E04FA5159B74}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{A78AF99B-1E3C-4D2C-9C00-7B24A8681194}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AF10C3FC-C8E8-48E8-93F5-CD697A6DDB7A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4EB1796-3C1D-42E3-8985-E0281D6E637F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C64148E7-8266-4E96-AA11-9AF7C2E914CF}" = lport=7071 | protocol=17 | dir=in | name=loxoneminiserversearchanswer |
"{DAF48259-9895-4012-BACB-AE81E712AFDC}" = lport=7070 | protocol=17 | dir=in | name=loxoneminiserversearch |
"{DB4A09C3-F183-492D-A2AE-706214A502DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD6663A6-9B18-4BAD-ACDC-832DCF1AF9A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFC181D6-6C25-455B-9DDE-0BEF8BEDDED3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD1DF68D-DA99-4B06-8192-A75E3DA38FAB}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC14C1-6F92-47CD-83C9-5BE293D7D6DB}" = protocol=17 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{073099D5-B6CB-4583-92AA-A5D99C22E811}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{0DFE3540-D2E6-4A93-A703-10DF8656CACA}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{0FDC9713-E75C-4411-B219-F39148070833}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21FDA86F-7C85-4499-9B38-C59FFF23828D}" = protocol=6 | dir=out | app=system |
"{36B9706E-18BD-4CB5-8A84-ED5CD2FBAFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C96FD18-E37A-4012-B63B-CBA3BE2FE252}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42E46A8C-B7CB-4CD8-9B1E-F32B550D678A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{54D34425-8AC2-49E5-A8AD-38A99904B0CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{589753BA-28A6-4EFE-8F10-2448C2D5D9BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D631953-D882-43B8-836B-2A669B285498}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{665EFE42-0003-4DF4-B6BC-AA235609F10F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6ED6F8CE-BADF-4C70-B8AF-4C996E2AA4E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70627151-16D2-446D-990E-85577F22CCD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BF3623A-FAB4-46A0-9DB3-CD7E38C2BF6B}" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{8362CF04-2744-46B2-A8B8-DD7B09EC1548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C461833-188E-45F2-8105-DE86137BF384}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6EA5C56-F395-4BB0-ACE3-18A72D9A417F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A8A69CD0-DBE5-43BE-AD83-1CF6FD28F83A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AB6FDA47-1B8C-4824-A535-8E40A820D5ED}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{C1341D73-02CD-4D86-ABC7-13A14D8C07A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C60C74D8-0DB8-410D-81D5-3F05D75732D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CD9BB431-F569-48FE-853E-D8ABCF8B77FF}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{D389C213-BB18-44AC-9DC6-B20BFC0E9289}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4BAA1FB-0D1A-4B3B-849B-1306C37782A2}" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{EA62C671-3330-4096-AAF0-F0FD05443689}" = protocol=6 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED1209B4-B3FA-4944-AA02-7879052BB83A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F171DF75-3B87-4354-B469-A0437AA84BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2AB2ADC-B315-483D-BBB3-8A636E9E8E98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9559637-9E35-4932-BB64-16EF3E268510}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA544C0A-452C-4339-8D26-9AF629A1351E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF6B9B45-C6B8-43C7-AF0C-9C1254C48C82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{83907A66-B654-4142-B41F-8FB1EF3D06FB}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{A1CFD68E-E745-4D06-B6BA-428D1DC3B48A}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"TCP Query User{E29872B9-F290-4BE3-B7CB-1203AB4877C9}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{EF17FDD0-7FB5-4174-B83E-AB8F90390253}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{3E139840-8504-48CC-B269-F2B63351EFF5}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{45029AEB-56AD-45AB-9504-A47EBCCA4853}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{88AE95CB-60C1-4DA6-9112-B15696C0A2C6}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{F3F1FE03-3419-46F0-973F-8E36B4F0981F}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000223-40C1-2701-0100-000001000000}" = Siemens Manual Collection (SR)
"{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy
"{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian
"{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese
"{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech
"{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean
"{8707E615-B513-444E-B5A9-1D2DC4E593FC}" = InsideIR4.0
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A523B6C0-E70F-4FA1-933D-DA04971F607F}" = VmciSockets
"{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B56C44D8-6D46-E9D0-D0D8-11E796D9B6FA}" = ccc-utility
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light
"{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation
"{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian
"{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1032F4F-8EFC-479B-8912-827F24785A4C}" = EPLAN Electric P8 2.1
"{E300D0B0-9B51-4E5A-9025-D987AD6FFCB3}" = EPLAN Platform Addon 2.1
"{E310B68E-5664-4E7A-88E3-E2B993385BDF}" = EPLAN Electric P8 Addon 2.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3FACBAC-8787-46FC-9AAA-B0270AC815DC}" = EPLAN Platform 2.1
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA2B5971-E0B9-4D01-B732-88768933543E}" = EPLAN Data Archive Zipped
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French
"{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BackUp Maker_is1" = BackUp Maker v6.3
"EPLAN Electric P8 2.1" = EPLAN Electric P8 2.1
"HFSExplorer" = HFSExplorer 0.21
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"LoxPLAN_is1" = Loxone Config
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MarkWare3.9.0" = MarkWare
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VMware_Player" = VMware Player
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.11.2012 15:23:01 | Computer Name = Optiplex380 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.290.11, Zeitstempel:
0x4e897ca0 Name des fehlerhaften Moduls: java.dll, Version: 6.0.290.11, Zeitstempel:
0x4e89b321 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004e0a ID des fehlerhaften Prozesses:
0xee8 Startzeit der fehlerhaften Anwendung: 0x01cdb92f73391a5a Pfad der fehlerhaften
Anwendung: C:\Program Files\Java\jre6\bin\javaw.exe Pfad des fehlerhaften Moduls:
C:\Program Files\Java\jre6\bin\java.dll Berichtskennung: b70506c6-2522-11e2-8720-005056c00008
Error - 02.11.2012 15:23:11 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 03.11.2012 05:25:31 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 03.11.2012 10:16:07 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 03.11.2012 10:23:30 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 03.11.2012 12:52:21 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 04.11.2012 11:58:06 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 04.11.2012 12:37:23 | Computer Name = Optiplex380 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\msr\Desktop\HitmanPro36_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 04.11.2012 12:38:24 | Computer Name = Optiplex380 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\msr\Desktop\Systemcheck\HitmanPro36_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 04.11.2012 12:40:29 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 08.11.2012 18:14:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst MMCSS erreicht.
Error - 08.11.2012 18:14:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Multimediaklassenplaner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.11.2012 18:14:30 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst gpsvc erreicht.
Error - 08.11.2012 18:15:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 08.11.2012 18:15:03 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Acronis Nonstop Backup-Dienst konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 08.11.2012 18:15:30 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst MMCSS erreicht.
Error - 08.11.2012 18:15:30 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Multimediaklassenplaner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.11.2012 18:15:36 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Broadcom Management Agent konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 08.11.2012 18:16:00 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst wuauserv erreicht.
Error - 08.11.2012 18:16:06 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst avast! Antivirus erreicht.
< End of report >
__________________ Gestern hab ich mir das Internet runtergeladen |
|
| Themen zu Malwarebytes hat pup.dealio.tb gefunden |
| adobe, antivirus, avast, bho, bingbar, bonjour, branding, defender, desktop, excel, explorer, firefox, flash player, format, helper, mozilla, pdfforge toolbar, plug-in, programme, realtek, registry, scan, security, software, symantec, system, temp, usb, windows |
Linear-Darstellung
