| |
| |||||||
Log-Analyse und Auswertung: Umleitung von URLs im IEWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
21.11.2012, 17:54
| #1 |
  |  Umleitung von URLs im IE Hallo zusammen, schön mal wieder hier zu sein, mir wird gerade oben angezeigt, dass es schon 2 1/2 Jahre her ist das ich zuletzt mal rein geschaut habe. Anyway, wir sind ja hier im Forum für Hilfesuchende, also fange ich gleich mal an: Ich sitze hier am Laptop von meinem Vater und habe folgendes Phänomen, wenn man z.B. billiger.de im IE eingibt wird man auf folgende URL umgeleitet: http://www.pricerunner.de/?AID=10389188&PID=1902735 gleiches bei idealo.de etc. Leider sind meine Kenntnisse zu eingerostet und mit den Standardmaßnahmen komme ich nicht weiter. Hier mal die Logs aus der bisherigen Analyse: Adwcleaner: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 21/11/2012 um 17:14:42 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Robert - ROBERT-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Robert\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Robert\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Robert\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Robert\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Robert\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Robert\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [6563 octets] - [21/11/2012 17:12:19]
AdwCleaner[S1].txt - [6028 octets] - [21/11/2012 17:14:42]
########## EOF - C:\AdwCleaner[S1].txt - [6088 octets] ##########
Davor ausgeführt: OTL: Code:
ATTFilter OTL logfile created on: 21.11.2012 15:11:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 51,46% Memory free 7,90 Gb Paging File | 5,57 Gb Available in Paging File | 70,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,34 Gb Total Space | 347,24 Gb Free Space | 77,97% Space Free | Partition Type: NTFS Drive D: | 16,26 Gb Total Space | 1,76 Gb Free Space | 10,85% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32 Computer Name: ROBERT-HP | User Name: Robert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\089236f41e5accbc3654fb51ce25277f\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\cb5acf4c838ef0dec864065683d5d38b\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ac1892b33667db43b346d4b0b3efdb25\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Services (SafeList) ========== SRV:64bit: - (GFilterSvc) -- C:\Windows\SysNative\GFilterSvc.exe () SRV:64bit: - (extrbc32) -- C:\Windows\SysNative\KBDNO164.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{42218EA0-A1A3-4FAE-BBF7-7482498E8022}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{42218EA0-A1A3-4FAE-BBF7-7482498E8022}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109958&tt=4512_2&babsrc=SP_ss&mntrId=88b2be8300000000000060d81944c6ac IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{42218EA0-A1A3-4FAE-BBF7-7482498E8022}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE484 IE - HKCU\..\SearchScopes\{9AB9A6E4-E1D2-4055-B27C-CF5122507D5F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=7d196699-468b-4555-8465-ff13f9409203&apn_sauid=FA71D155-8CE0-4BDB-BA4F-75711E1E8E56 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.11.07 20:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: about:blank CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:blank CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Google Drive = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: ProxTube = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\chakodcglgpacmjpjfaoopegbglbollk\1.1.35_0\ CHR - Extension: Google-Suche = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Website Logon = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\ CHR - Extension: Google Mail = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [REGSHAVE] C:\Program Files (x86)\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A00EE7A-5119-489E-8978-662C369538B6}: DhcpNameServer = 40.20.1.201 40.20.1.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B62CCC-A8FA-4B0F-8255-35BC7007611F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.21 13:49:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2012.11.19 08:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [2012.11.18 19:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.11.18 18:32:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes [2012.11.18 18:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.18 18:32:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.18 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.17 12:15:07 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.17 12:15:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.17 12:10:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.17 12:10:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.17 12:10:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.17 12:10:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.17 12:10:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.17 12:10:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.17 12:10:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.17 12:10:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.17 12:10:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.17 12:10:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.17 12:10:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.17 12:10:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.17 12:10:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.17 12:10:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.17 12:10:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.17 12:10:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.17 12:10:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.17 12:10:05 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.17 12:10:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.17 08:25:08 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.17 08:25:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.17 08:25:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.17 08:25:05 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.17 08:25:05 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.17 08:25:05 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.17 08:25:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.17 08:25:05 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.17 08:25:05 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.17 08:24:48 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.17 08:24:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.16 09:21:30 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ElevatedDiagnostics [2012.11.15 15:46:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\vlc [2012.11.15 15:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.11.15 15:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.11.15 15:01:36 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Avira [2012.11.15 14:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.15 14:56:11 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.15 14:56:11 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.15 14:56:11 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.15 14:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.12 08:10:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Foto [2012.11.11 18:58:24 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.11 18:58:24 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.11 18:58:24 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.07 20:12:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012.11.07 20:12:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012.11.07 20:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.07 20:11:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Babylon [2012.11.07 20:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon ========== Files - Modified Within 30 Days ========== [2012.11.21 15:17:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.21 14:41:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.21 13:46:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2012.11.21 13:35:37 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.21 13:35:37 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.21 13:28:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.21 13:28:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.21 13:27:57 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys [2012.11.19 17:00:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.19 17:00:35 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.19 17:00:35 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.19 17:00:35 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.19 17:00:35 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.19 09:15:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRobert.job [2012.11.19 08:57:02 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012.11.18 19:13:21 | 000,002,285 | ---- | M] () -- C:\Users\Robert\Desktop\Google Chrome.lnk [2012.11.18 18:32:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.18 11:14:20 | 000,530,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.16 07:36:47 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.16 07:36:47 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.15 15:46:52 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.15 14:56:21 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.12 08:52:16 | 000,081,759 | ---- | M] () -- C:\Users\Robert\Documents\Montreal-New York2.jpg [2012.11.07 20:11:50 | 000,117,248 | ---- | M] () -- C:\Windows\SysNative\GFilterSvc.exe [2012.11.07 20:11:49 | 000,113,152 | ---- | M] () -- C:\Windows\SysNative\KBDNO164.exe [2012.10.26 13:56:41 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto Designer 7.lnk [2012.10.24 06:20:06 | 000,001,019 | ---- | M] () -- C:\Users\Robert\Desktop\Robert - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2012.11.19 08:57:02 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012.11.18 19:13:21 | 000,002,285 | ---- | C] () -- C:\Users\Robert\Desktop\Google Chrome.lnk [2012.11.18 18:32:15 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.17 12:15:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 12:10:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 15:46:52 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.15 14:56:21 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.12 08:52:13 | 000,081,759 | ---- | C] () -- C:\Users\Robert\Documents\Montreal-New York2.jpg [2012.11.07 20:11:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysNative\GFilterSvc.exe [2012.11.07 20:11:49 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\KBDNO164.exe [2012.10.26 13:56:41 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto Designer 7.lnk [2012.10.24 06:20:06 | 000,001,019 | ---- | C] () -- C:\Users\Robert\Desktop\Robert - Verknüpfung.lnk [2012.08.29 07:59:54 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.08.29 07:59:54 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.08.29 07:59:54 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.08.29 07:59:54 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.08.29 07:59:54 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.08.29 07:59:54 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.08.29 07:59:54 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.08.29 07:59:54 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.08.29 07:59:54 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.08.29 07:59:54 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.08.29 07:59:54 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.08.29 07:59:54 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.08.29 07:59:54 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.08.29 07:59:54 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.08.29 07:59:54 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.08.29 07:59:54 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.08.29 07:59:54 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.08.29 07:59:54 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.08.29 07:59:54 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.09.23 00:43:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.23 00:38:51 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.09.23 00:35:05 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.09.23 00:30:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.07.15 21:19:23 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011.06.10 03:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.05.13 06:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011.04.15 20:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.04.15 20:05:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.15 20:05:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.04.15 19:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.04.15 19:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.01.13 07:03:20 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.09 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.oit [2012.11.07 20:11:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Babylon [2012.10.18 11:03:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.08.29 07:14:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Epson [2012.11.13 08:52:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FUJIFILM [2012.10.26 13:56:42 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MAGIX [2012.08.24 11:15:11 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\NewSoft [2012.10.14 09:24:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\simplitec [2012.05.18 17:01:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Synaptics ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.11.2012 15:11:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 51,46% Memory free
7,90 Gb Paging File | 5,57 Gb Available in Paging File | 70,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,34 Gb Total Space | 347,24 Gb Free Space | 77,97% Space Free | Partition Type: NTFS
Drive D: | 16,26 Gb Total Space | 1,76 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32
Computer Name: ROBERT-HP | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0710ED40-7B05-487B-BA3A-77FE05D5E919}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0A697293-CEF3-4FB1-A381-44E914A635E4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{23394433-105A-4AF6-9239-68901E8540C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{270FFA52-91D4-4340-AB55-E43D9DC741B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{2B1D4DCD-B1BE-419E-B10A-EAC2108E8C92}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BE356E0-4966-4504-ADF4-2FEAE2CCA21D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4D3307FE-7B23-469A-8E10-F42D66A4FF47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C73CBDD-1433-4783-AB78-1B3A5AA2CAFA}" = lport=139 | protocol=6 | dir=in | app=system |
"{6FD2CDD4-490A-4E0E-804E-540BB2A93D12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72E7F66F-C7C4-48B7-A93B-160A78F35CB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E5D27AC-044E-4B74-95DB-BC26F5FD5D00}" = rport=445 | protocol=6 | dir=out | app=system |
"{9E741C5E-8F5F-4861-87E7-F62EC3090510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E9DE308-16C2-4F0C-99F2-B860692EB16D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7722131-8898-4FAC-95BB-0CCF010D946C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A857D7EE-F5E4-4366-8A1A-59A7D821FC1D}" = lport=445 | protocol=6 | dir=in | app=system |
"{AAE4C581-ED72-4EE7-AA4A-7ABA31206859}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B30B59E4-3F78-4D4E-89A7-BAEEF7CD44FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B638D496-C5C6-435E-A286-CBAFC63F315B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0C1E9DC-988D-414C-8F35-AA8DD4C2B7D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CE150CF3-F264-4CFA-8ADE-A383D6CEC753}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9E2575C-9E01-4EEB-9B6F-85F308171527}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DE331DCE-D136-4E8C-A7AF-6B925DAE387E}" = rport=138 | protocol=17 | dir=out | app=system |
"{E363F1F9-4B80-46A1-BE53-6ACEDAEB3855}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC976042-B525-4A89-A0AE-7078E6DAF051}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030436D0-A02C-4DCB-B1BE-F29A43D2B2B7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1BD31D4D-4EE0-4385-8C17-427B135E4AAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1EA2EE9F-F44F-418C-B525-1A725CCA804E}" = protocol=17 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe |
"{302D1675-3E6A-4AB4-A34D-32155AE0C332}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{352F363F-791F-43CD-8A55-178AD1129160}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{397B20FB-3EFF-4172-97E3-92608D216CB2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4679BB7B-0D60-42CE-9BD3-71487056FD17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A188D29-4CA0-4E1F-A5CB-B44239C739D1}" = protocol=6 | dir=in | app=c:\program files (x86)\newsoft\presto! pagemanager 9.03\licensecheck.exe |
"{58333EF8-215F-4899-8F5A-5994A017972D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5DC2F025-8D6A-4FA3-A164-D417F3B92E11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5DDC2C76-BFEF-42EE-8C41-A3D08543DA49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E948B56-7312-4989-AFB2-5BAFB40A90F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6025ACA9-0BE4-4E60-8B4A-4FB57E1D40DC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{61CAFEA2-3908-4ADF-AFFE-C0A65C90AAB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64D04305-B522-4BB0-9D2B-B8F27D136AF4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E03CF85-3451-474A-99E6-3D7DA311D573}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{82988D0D-C6AF-4ACD-88EC-87FAACEFFD3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{90BCB190-92A0-42F0-A2D3-D46DCCCBD2EA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{98B1D158-1EBC-4732-87E9-4ACC716EB4A7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{ACC4EC65-275C-40D6-9C23-CD8FCDCA3757}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD5AD3EC-62AC-40AC-B147-284F7BB0EC2B}" = protocol=6 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe |
"{AFD98746-3929-4315-9548-2E7B48D6AD25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B27FFE30-7B73-48EA-B8D9-2617D9A8D6E9}" = protocol=6 | dir=out | app=system |
"{B2EC6924-9CCD-4BD1-A350-9351F7BC397B}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{B6394F9F-CC24-48D9-82B4-A6AF9835C726}" = protocol=17 | dir=in | app=c:\program files (x86)\newsoft\presto! pagemanager 9.03\licensecheck.exe |
"{BBF0C1B7-3FA5-42D3-8B4B-359B6EF5DA32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC25C063-1432-46CF-B820-8DC9FA5F67B9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{C63E3BDD-0F75-4C5B-B612-3816BBE803CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D6DD6521-3698-4A5A-923B-39A3D4F235AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7979C19-EB01-4D2B-BFB1-92596C5713C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA1C4598-E51F-4893-A069-71DF5128731D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DFC7C6BE-25C5-4791-9615-5EC1940782B3}" = protocol=58 | dir=in | app=system |
"{E0F753FA-6013-493B-A214-322ECBDFC975}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ECDBD8A4-8FF3-450D-93B2-568BA15D1371}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBEB241A-34E1-40A0-8623-CDD4872D3A61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1E51C835-5826-4C6A-A63E-8C3D66310C88}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{63408726-9CBE-4DAF-BEF2-0AFC55EA5C5D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{48873647-68E2-40A0-9C8F-D1EE0D0D78D4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B82975C5-A645-4491-874E-6AF215092AF6}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11D6A6DE-A1AF-4510-8DEA-750917C67884}" = MAGIX Speed burnR (MSI)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F1190CB-24CC-29DC-3C85-CD8CFDDE045F}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{697B2DF7-8E11-49F2-9DE6-27860D400161}" = MAGIX Foto Manager 10 Deluxe Update
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E6FF6CD-9CF3-4434-BB5D-24943FD54FFC}" = MAGIX Foto Manager MX Deluxe
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8C73E551-5AFA-42EE-B76E-64821590BCD3}" = MAGIX Video deluxe 2013
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B066BF95-890E-A532-A58F-D13E0805DC04}" = ATI Catalyst Install Manager
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON BX635FWD Series" = EPSON BX635FWD Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics TouchPad Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03A3841B-038A-ADE1-A06A-158EAFF68A9E}" = Catalyst Control Center Profiles Mobile
"{04A92BE5-E791-E374-01CB-B88CBFC1E8D1}" = PX Profile Update
"{04AF7536-446D-4F5A-8920-B4E885E4581B}" = Presto! PageManager 9.03 SE
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09D5AC17-7B7A-D201-7CA6-3F16D99828FB}" = CCC Help Hungarian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C4C413A-9751-48BE-78DC-80248F8B306F}" = CCC Help Japanese
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F68E4AE-E8BA-1E4F-0CCA-B8678477A5CC}" = Catalyst Control Center
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CFC5FB4-2ACB-870F-043A-638919624D4E}" = CCC Help English
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228CBD40-FE56-4183-AB86-05A7C0D741FB}" = simplitec simplicheck
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24507E82-750C-3658-7C50-D5B7A1E27CCC}" = CCC Help Russian
"{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}" = HP Documentation
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28448C64-6562-6D8C-2F76-8DF399956955}" = Catalyst Control Center Localization All
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2942CAF8-0934-96C2-5FC0-2ED331D0530A}" = CCC Help Italian
"{2F2CA8CC-814B-67C1-CF19-A8A1A2A503C5}" = CCC Help Korean
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}" = HP SimplePass PE 2011
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33F88EFD-5661-7FA7-C638-FD6496A0BF2E}" = CCC Help Swedish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{510446D7-2344-B59F-4CA5-66F5381D09FC}" = CCC Help Polish
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B8072B3-A576-4C0B-99BC-FAA7145A1031}" = Nero 7 Essentials
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FBB960-1893-0F86-8EC1-DD0527D3ABCA}" = CCC Help Turkish
"{7F969F54-1D7F-5DA1-A9E2-59FC0A5F0FE0}" = Catalyst Control Center Graphics Previews Common
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{909DC555-322F-8A35-2550-6FC2E2EDFA23}" = CCC Help Finnish
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{949D6B51-10E8-4CD4-A81E-064E38240415}" = Catalyst Control Center - Branding
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E5798A-9827-92AD-5201-1E9B25819886}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC7262C-2988-CFAB-CF6B-B870C6A9A50C}" = myphotobook print service
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDE574D-5471-24A1-07DC-0B0F06810E11}" = CCC Help Thai
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA79CA2-D65D-966B-48C2-D6C16433482C}" = Catalyst Control Center InstallProxy
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}" = HP Quick Launch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD5B7E20-00E1-4B7B-84DC-53F5CEFFA367}" = PHOTOfunSTUDIO 6.5 BD Edition
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B479B52B-4DE8-23FC-93CA-186D600F4A52}" = CCC Help Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1A2F65D-720B-82A0-10F6-4FEE797880BB}" = CCC Help German
"{C1BF14DC-3A45-8E0B-41C6-30E6D30F9968}" = CCC Help Chinese Standard
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7861B58-149A-4546-AD1D-798865EF36CF}" = CCC Help Portuguese
"{CBA9A6BF-1837-F0A4-79B6-15936EDC68AA}" = CCC Help Spanish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D2FFFA5E-FEA5-073B-C371-3B3628D9A453}" = CCC Help French
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD75B28A-94C3-97C2-C389-EA6BF1C809B7}" = CCC Help Danish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFB2B20-5D76-335C-2C24-CEF3791B30B8}" = CCC Help Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7160D4F-B709-DFE4-9BF2-BB1C38598CF9}" = CCC Help Greek
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F70B153C-55D6-550A-7F50-6E09D99B1D7A}" = CCC Help Czech
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook print service
"EasyBits Magic Desktop" = Magic Desktop
"EPSON BX635FWD Series Netg" = Netzwerkhandbuch EPSON BX635FWD Series
"EPSON BX635FWD Series Useg" = Benutzerhandbuch EPSON BX635FWD Series
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"MAGIX_{11D6A6DE-A1AF-4510-8DEA-750917C67884}" = MAGIX Speed burnR (MSI)
"MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2
"MAGIX_{6E6FF6CD-9CF3-4434-BB5D-24943FD54FFC}" = MAGIX Foto Manager MX Deluxe
"MAGIX_{8C73E551-5AFA-42EE-B76E-64821590BCD3}" = MAGIX Video deluxe 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"VIP Access SDK" = VIP Access SDK (1.0.1.2)
"VLC media player" = VLC media player 2.0.4
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0256fa7a-5565-4156-8e6c-f0b0d488bfd0" = Agatha Christie - Peril at End House
"WTA-04760fd3-cdc8-4507-96a7-30ccf8872c41" = Jewel Quest Solitaire
"WTA-0c4bc8a2-5178-4f47-818f-ad71d6c9d36c" = Governor of Poker 2 Premium Edition
"WTA-1330137d-877d-492e-a56c-b448c60f1a33" = Zuma Deluxe
"WTA-144b8da0-07b1-4f21-b531-62918247e8a3" = Penguins!
"WTA-2b8bdbff-f02a-4699-bdbf-51f6e8c0ef59" = Bounce Symphony
"WTA-30271cf3-115e-4b94-94a0-ae8bf32542a1" = Bejeweled 3
"WTA-4cb59e23-c9c1-4b94-b534-6bd79a14e0b4" = Virtual Villagers - The Secret City
"WTA-553752b8-a0e7-4049-957e-5072e05e6add" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-56a395fb-1b5d-4517-9f7f-3cbb512814c2" = Namco All-Stars: PAC-MAN
"WTA-7936fc99-f850-43f9-a7c7-8c4cde240296" = Slingo Deluxe
"WTA-7f89a06f-b19a-4eeb-b4de-426577d7b5fa" = Cradle of Rome 2
"WTA-894efc7f-4b5d-4261-9e79-affbe8ea340d" = Plants vs. Zombies - Game of the Year
"WTA-a05c549d-db94-45f6-81bf-53e58beb5ad0" = Chuzzle Deluxe
"WTA-a39c6a4e-50aa-4128-bc43-03de00f46ca9" = Chronicles of Albian
"WTA-b35ca1e1-0fb9-403e-b0ea-238aced1ad60" = Polar Bowler
"WTA-c1e8bcc0-f99e-4c3f-89d7-fdd2377460f4" = Vacation Quest - The Hawaiian Islands
"WTA-ca2856c3-9030-4a0e-b494-1225c11abf4d" = Cake Mania
"WTA-d913691e-6ddc-4c10-93b2-5ec2b3179b5a" = Mystery of Mortlake Mansion
"WTA-e01b0c45-c557-4bfd-bb3d-92029e9596d3" = FATE
"WTA-e74b89a8-71ed-4bfe-a2f3-2820fffbdade" = Mah Jong Medley
"WTA-ee57f7ed-043b-462a-afb4-1237e39e98e6" = Farm Frenzy
"WTA-eeaec6ff-a790-4d68-8698-37013abc4a83" = Blasterball 3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.11.2012 04:14:33 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00691b60 ID des fehlerhaften
Prozesses: 0x8f8 Startzeit der fehlerhaften Anwendung: 0x01cdbfe494b39ea6 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: d26e71c8-2bd7-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:14:39 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00471b60 ID des fehlerhaften
Prozesses: 0x17b0 Startzeit der fehlerhaften Anwendung: 0x01cdbfe4985d7cd2 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: d6184ff4-2bd7-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:14:50 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00451b60 ID des fehlerhaften
Prozesses: 0xb50 Startzeit der fehlerhaften Anwendung: 0x01cdbfe49f0f5b97 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: dccef17a-2bd7-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:17:27 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00461b60 ID des fehlerhaften
Prozesses: 0x1490 Startzeit der fehlerhaften Anwendung: 0x01cdbfe4fbcb34a4 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 3a5c439f-2bd8-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:17:57 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x005c1b60 ID des fehlerhaften
Prozesses: 0x12a8 Startzeit der fehlerhaften Anwendung: 0x01cdbfe50e6d7a49 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 4c25ec0b-2bd8-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:18:13 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00501b60 ID des fehlerhaften
Prozesses: 0x1b68 Startzeit der fehlerhaften Anwendung: 0x01cdbfe51835a1e9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 55f0750b-2bd8-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:18:53 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00591b60 ID des fehlerhaften
Prozesses: 0x1864 Startzeit der fehlerhaften Anwendung: 0x01cdbfe52f95e55a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6d50b87c-2bd8-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:19:06 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00421b60 ID des fehlerhaften
Prozesses: 0x16b8 Startzeit der fehlerhaften Anwendung: 0x01cdbfe537c23eeb Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 757f736d-2bd8-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 04:20:09 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x008a1b60 ID des fehlerhaften
Prozesses: 0x15c0 Startzeit der fehlerhaften Anwendung: 0x01cdbfe55d0979bb Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 9acb70fe-2bd8-11e2-bf0d-101f74cd0e29
Error - 11.11.2012 06:43:18 | Computer Name = Robert-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.8.3.0,
Zeitstempel: 0x507b0bf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00871b60 ID des fehlerhaften
Prozesses: 0x520 Startzeit der fehlerhaften Anwendung: 0x01cdbff95b63d8a8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 9a2221c8-2bec-11e2-bf0d-101f74cd0e29
[ Hewlett-Packard Events ]
Error - 27.05.2012 05:06:27 | Computer Name = Robert-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 08.06.2012 03:09:55 | Computer Name = Robert-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 08.06.2012 03:13:37 | Computer Name = Robert-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 01.08.2012 03:10:13 | Computer Name = Robert-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 08.10.2012 11:51:01 | Computer Name = Robert-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 08.10.2012 11:51:01 | Computer Name = Robert-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 08.10.2012 11:51:01 | Computer Name = Robert-HP | Source = HPSF.exe | ID = 4000
Description =
[ Media Center Events ]
Error - 14.11.2012 09:21:06 | Computer Name = Robert-HP | Source = MCUpdate | ID = 0
Description = 14:21:06 - Fehler beim Herstellen der Internetverbindung. 14:21:06
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2012 09:21:16 | Computer Name = Robert-HP | Source = MCUpdate | ID = 0
Description = 14:21:11 - Fehler beim Herstellen der Internetverbindung. 14:21:11
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 11.11.2012 03:52:41 | Computer Name = Robert-HP | Source = DCOM | ID = 10016
Description =
Error - 11.11.2012 08:55:17 | Computer Name = Robert-HP | Source = DCOM | ID = 10016
Description =
Error - 11.11.2012 09:00:47 | Computer Name = Robert-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "Benutzerprofildienst SNMP-Trap Benutzerprofildienst" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 11.11.2012 13:50:48 | Computer Name = Robert-HP | Source = DCOM | ID = 10016
Description =
Error - 12.11.2012 08:09:54 | Computer Name = Robert-HP | Source = DCOM | ID = 10016
Description =
Error - 12.11.2012 13:03:50 | Computer Name = Robert-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 12.11.2012 13:03:51 | Computer Name = Robert-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 12.11.2012 13:03:51 | Computer Name = Robert-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 13.11.2012 03:29:58 | Computer Name = Robert-HP | Source = DCOM | ID = 10016
Description =
Error - 14.11.2012 09:20:46 | Computer Name = Robert-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "Benutzerprofildienst SNMP-Trap Benutzerprofildienst" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.20.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Robert :: ROBERT-HP [Administrator] 21.11.2012 13:42:48 mbam-log-2012-11-21 (13-42-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 385552 Laufzeit: 1 Stunde(n), 25 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Grüße Wildone |
| Themen zu Umleitung von URLs im IE |
| antivir, appdatalow, avira, avira searchfree toolbar, benutzerprofildienst, bho, converter, desktop, error, firefox, flash player, format, gfiltersvc.exe, google, helper, home, homepage, igdpmd64.sys, index, install.exe, internet, internet browser, internet explorer, launch, logfile, plug-in, realtek, registrierungsdatenbank, registry, rundll, scan, security, senden, software, super, udp, wildtangent games, windows |
Baum-Darstellung