Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner: Artemis!697E81D4CFBD

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.02.2013, 19:38   #1
Gregor259
 
Trojaner:  Artemis!697E81D4CFBD - Standard

Trojaner: Artemis!697E81D4CFBD



Hallo zusammen,
McAfee macht folgende Aussage.
Name der Bedrohung: Artemis!697E81D4CFBD (Trojaner)

Datei: D:\ xxx\ Backup Set 2011-11-30 190004\ Backup Files 2011-11-30 190004\Backup Files 23.zip

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.01.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Greech :: xxxx [Administrator]

01.02.2013 22:42:02
mbam-log-2013-02-01 (22-42-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238572
Laufzeit: 38 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
OTL logfile created on: 02.02.2013 18:29:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Greech\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 58,04% Memory free
7,73 Gb Paging File | 5,84 Gb Available in Paging File | 75,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 10,46 Gb Free Space | 17,85% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 188,60 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
 
Computer Name: GREGORHAMBITZER | User Name: Greech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.02 18:28:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greech\Desktop\OTL.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Greech\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.20 11:07:39 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.08.28 06:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.08.14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2010.09.09 13:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.08.19 09:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2008.12.18 21:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2007.10.09 15:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007.10.09 15:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.20 11:07:39 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.12.26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.12.26 09:47:40 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009.09.08 17:56:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.17 01:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2013.01.20 11:07:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 14:38:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.09 14:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.07.02 01:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 21:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.10.09 15:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2012.12.26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.12.26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.12.26 09:51:24 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.12.26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.12.26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.12.26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.12.26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.21 09:53:33 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.21 09:43:51 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.10.09 14:43:48 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.31 18:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 15:26:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.07.27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.09.17 21:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.08 18:31:00 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.23 04:02:00 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.17 18:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.17 01:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.01 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.01 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ECBDF3D7-9251-4EAE-8357-8E7BFBC470D7}
IE:64bit: - HKLM\..\SearchScopes\{ECBDF3D7-9251-4EAE-8357-8E7BFBC470D7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {EADD793C-E265-4C2E-ABD2-4D7F56850E08}
IE - HKLM\..\SearchScopes\{EADD793C-E265-4C2E-ABD2-4D7F56850E08}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sportjugend.de/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {EADD793C-E265-4C2E-ABD2-4D7F56850E08}
IE - HKCU\..\SearchScopes\{7B7EDC42-9525-4A85-A043-295E2739D645}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{A5F6E64B-E48E-4840-BB99-97F169476EBF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sportjugend-rlp.de/"
FF - prefs.js..extensions.enabledAddons: 2020Player%402020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.3
FF - prefs.js..extensions.enabledAddons: formhistory%40yahoo.com:1.3.0.3
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.1.1
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Greech\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.12.16 18:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.01.26 17:23:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 11:07:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 11:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.06 13:39:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 11:07:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 11:07:34 | 000,000,000 | ---D | M]
 
[2010.09.27 16:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\Extensions
[2010.09.27 16:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.02 14:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\Firefox\Profiles\ol3kxz6m.default\extensions
[2012.12.27 13:47:48 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Greech\AppData\Roaming\mozilla\Firefox\Profiles\ol3kxz6m.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.12.22 20:52:01 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Greech\AppData\Roaming\mozilla\Firefox\Profiles\ol3kxz6m.default\extensions\2020Player@2020Technologies.com
[2012.11.19 20:07:50 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Greech\AppData\Roaming\mozilla\Firefox\Profiles\ol3kxz6m.default\extensions\formhistory@yahoo.com
[2011.12.27 12:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\Firefox\Profiles\v71jg1bn.default\extensions
[2012.09.19 16:51:09 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\firefox\profiles\ol3kxz6m.default\extensions\amznUWL2@amazon.com.xpi
[2011.09.21 19:31:55 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\firefox\profiles\ol3kxz6m.default\extensions\finder@meingutscheincode.de.xpi
[2013.02.02 14:41:19 | 000,111,083 | ---- | M] () (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\firefox\profiles\ol3kxz6m.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013.01.31 19:03:42 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\firefox\profiles\ol3kxz6m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 18:19:29 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Greech\AppData\Roaming\mozilla\firefox\profiles\ol3kxz6m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.06 17:29:16 | 000,002,209 | ---- | M] () -- C:\Users\Greech\AppData\Roaming\mozilla\firefox\profiles\ol3kxz6m.default\searchplugins\englische-ergebnisse.xml
[2012.09.06 17:29:16 | 000,010,506 | ---- | M] () -- C:\Users\Greech\AppData\Roaming\mozilla\firefox\profiles\ol3kxz6m.default\searchplugins\gmx-suche.xml
[2013.01.20 11:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.20 11:07:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.01.20 11:07:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.20 11:07:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.16 18:32:17 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.01.20 11:07:39 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 17:26:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 17:26:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 17:26:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 17:26:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 17:24:02 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.09.06 17:26:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 17:26:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20130126162730.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130126162731.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Greech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Greech\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0850A2CA-3F69-46DE-9009-9950EDD656C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57632302-1E45-45C7-AFCB-8706CF538B92}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F145E0D-327D-4FC5-9D85-15D938859915}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1DB2FD4-C33D-429F-BEDA-2F4841B9DC97}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{052ed5f0-6b62-11e1-bec9-0026b9215a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{052ed5f0-6b62-11e1-bec9-0026b9215a2b}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{76d961c9-2e09-11e0-bbe8-0026b9215a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{76d961d6-2e09-11e0-bbe8-0026b9215a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{76d961d6-2e09-11e0-bbe8-0026b9215a2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a4b82e18-aae5-11e1-8dc3-0026b9215a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{a4b82e18-aae5-11e1-8dc3-0026b9215a2b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.02 18:28:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Greech\Desktop\OTL.exe
[2013.02.02 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{7DFC1E8F-71BB-4746-9D8F-400F3427AC3F}
[2013.02.02 14:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.02.01 22:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.01 22:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.01 22:40:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.01 22:39:38 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\Programs
[2013.02.01 15:49:30 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{501FAB45-587F-4C31-8623-08083DC15CB9}
[2013.01.31 18:56:20 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{82057F07-3803-4EEC-B3F4-DF2D6B55278C}
[2013.01.29 14:29:00 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{BB330BD4-5343-4F1F-8FEB-6A0C4067EA81}
[2013.01.28 14:30:54 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{03E91A0C-1EE4-41FB-8CFC-A9755EE870F7}
[2013.01.27 16:54:02 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{F5399CDF-14EE-4DBF-9DBB-31F27781DDFF}
[2013.01.26 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{5463F695-72F6-4729-BDA3-34613CB9C703}
[2013.01.24 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{ECF238DC-ECBB-4041-B541-2B57513ABF19}
[2013.01.23 16:28:01 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{33C78848-0644-48FE-A531-B3DAC1B3EE99}
[2013.01.22 17:20:16 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{B94DF105-E921-4EE8-BAA9-EFB73799BF32}
[2013.01.21 14:55:27 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{493CFEBE-436C-4D06-A1AA-A794C4478566}
[2013.01.20 11:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.20 10:46:16 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{A8664410-556D-49FF-9D66-4F12767A9736}
[2013.01.17 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{EDEA75DA-6BA5-47CC-B2FE-F6E4AAFED052}
[2013.01.16 18:45:51 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{82ADCA2A-3650-4149-A27E-F919DFA1D6C9}
[2013.01.15 15:39:42 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{088B1186-0DB2-4849-88A0-EB6C9B86487A}
[2013.01.14 15:13:04 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{5C6B8EB8-4998-40C3-AE74-97D1090AF19E}
[2013.01.13 16:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013.01.13 16:30:28 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{9DBB3367-109D-4A20-9D40-A232568F16F6}
[2013.01.11 14:18:26 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{7E68B3BC-95BD-42E0-9315-4D6330CCE151}
[2013.01.10 14:25:06 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{6304B9EE-354F-43A8-9F81-DF595BED3CD8}
[2013.01.09 14:13:25 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{0449A979-1150-4DB1-8253-16F41805315E}
[2013.01.08 14:26:01 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{33BBCECF-C222-4D94-9049-6FC641DD4B53}
[2013.01.07 15:05:35 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{3BC1533B-CA1E-45B4-97C6-00949526E98C}
[2013.01.06 15:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.06 15:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.06 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.06 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.06 15:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.06 13:37:40 | 000,000,000 | ---D | C] -- C:\Users\Greech\AppData\Local\{55145730-1034-4250-9A5D-BF186FE70A60}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.02 18:38:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.02 18:28:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greech\Desktop\OTL.exe
[2013.02.02 18:27:05 | 000,000,000 | ---- | M] () -- C:\Users\Greech\defogger_reenable
[2013.02.02 18:22:44 | 000,050,477 | ---- | M] () -- C:\Users\Greech\Desktop\Defogger.exe
[2013.02.02 18:16:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.02 18:16:28 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.02 18:16:28 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.02 18:16:28 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.02 18:16:28 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.02 18:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.02 17:45:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.02 15:52:48 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 15:52:48 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 15:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 22:40:30 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.01 16:21:28 | 000,874,750 | ---- | M] () -- C:\Users\Greech\Desktop\stundenplan ab 1.2..pdf
[2013.01.29 20:58:09 | 000,001,061 | ---- | M] () -- C:\Users\Greech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.29 15:01:31 | 000,177,152 | ---- | M] () -- C:\Users\Greech\Desktop\Acrostichon Marlene.pps
[2013.01.10 17:50:45 | 000,311,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.02.02 18:27:05 | 000,000,000 | ---- | C] () -- C:\Users\Greech\defogger_reenable
[2013.02.02 18:22:43 | 000,050,477 | ---- | C] () -- C:\Users\Greech\Desktop\Defogger.exe
[2013.02.01 22:40:30 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.01 16:21:28 | 000,874,750 | ---- | C] () -- C:\Users\Greech\Desktop\stundenplan ab 1.2..pdf
[2013.01.29 15:01:30 | 000,177,152 | ---- | C] () -- C:\Users\Greech\Desktop\Acrostichon Marlene.pps
[2012.11.05 21:23:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.09.08 11:16:14 | 000,005,220 | ---- | C] () -- C:\Users\Greech\.recently-used.xbel
[2012.03.09 14:30:53 | 000,103,784 | ---- | C] () -- C:\Users\Greech\GoToAssistDownloadHelper.exe
[2012.02.27 19:29:18 | 000,007,597 | ---- | C] () -- C:\Users\Greech\AppData\Local\Resmon.ResmonCfg
[2011.12.06 14:46:28 | 000,019,401 | ---- | C] () -- C:\Users\Greech\AppData\Roaming\UserTile.png
[2011.11.17 11:29:25 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.03.23 20:50:18 | 000,005,632 | ---- | C] () -- C:\Users\Greech\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.22 18:24:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.06.04 10:47:25 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Ashampoo
[2012.08.27 16:18:42 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Canon
[2012.08.16 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Cornelsen
[2013.02.02 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Dropbox
[2011.11.06 17:07:54 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\DVDVideoSoft
[2011.04.05 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.03 15:35:21 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Electronic Arts
[2012.04.16 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\elsterformular
[2010.04.03 21:31:05 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Facebook
[2012.03.11 19:27:39 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\FileZilla
[2012.08.27 16:22:22 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Foto Raabe
[2012.09.08 11:16:00 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\gtk-2.0
[2012.11.12 18:32:45 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\JAM Software
[2011.12.01 18:36:56 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Nik Software
[2011.05.08 08:47:36 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Nokia
[2010.09.23 19:28:41 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Orbit
[2010.12.14 21:49:24 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\PC Suite
[2011.05.24 21:04:13 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\PCDr
[2010.09.23 19:24:04 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\ProgSense
[2012.06.23 10:44:35 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\QuickScan
[2010.03.31 15:14:32 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\ScanSoft
[2012.11.12 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\SumatraPDF
[2010.09.27 16:44:34 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\TomTom
[2011.04.09 12:52:28 | 000,000,000 | ---D | M] -- C:\Users\Greech\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 02.02.2013 18:29:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Greech\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 58,04% Memory free
7,73 Gb Paging File | 5,84 Gb Available in Paging File | 75,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 10,46 Gb Free Space | 17,85% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 188,60 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: Greech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00703657-9656-4A0C-9946-0426F78F7CD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{04D5C056-3336-4960-BDBB-3FCABF7BDD77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{066F11DB-11F5-4ECA-B759-3771ED4CFBD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{072AAA89-7175-4F78-8329-30F62E45B146}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0BA82F76-DB0C-45E4-BEFA-A4476F1819A1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{13529782-675A-454B-BBF6-4DDA8F496516}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{152374DB-93A2-4CF0-9F3F-4E7628A7E3AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2FEA82A6-F1C2-4DE2-AD3B-F779A9288F9C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{31A61EB6-1610-49D1-A761-8A2A8557B487}" = rport=139 | protocol=6 | dir=out | app=system | 
"{346C9D83-9CBD-4E2F-AF0E-7A6B03159A75}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36A990E5-4A6D-4700-A60F-2F25854D862D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3ADD83FB-9F3C-49A4-A0E2-47DE25127C2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3DA27313-098B-4612-A192-EB93E61E1F39}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{460B1212-6E89-4FB0-9A9F-99236610ED65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{56618DC8-68EC-4D7E-A126-BA89DB7CDCBB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{59C77607-ECBE-47D8-836D-C527F6E50462}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{609D79E4-75DC-48B6-9F9C-5E51DD7D0961}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | 
"{7597170F-F5CE-4104-BD74-94123001BB12}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7C9FE164-5F5A-43FE-97DA-D3F3812E9615}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{85DE3B36-8132-439A-9F38-55CC43372970}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | 
"{8D061C28-731C-4006-933A-A85E7CB9255B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A0C7E9D0-FBDA-4945-8E8A-4E1705177799}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AEC2DF1A-3C45-48ED-9B2C-754AA2BFDCBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0DE70A5-9ECF-48D2-9EBC-1F4B1B8300C7}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | 
"{CA785FED-A2E0-4103-AA36-2877719D487A}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | 
"{CCE94701-8644-496C-BAAC-6C236648D31C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E1E36F72-1071-4281-AFB4-437DDEFE2E2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2CA39A8-3985-43F7-A7DD-A851903D24A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EDC642CB-104A-4AEC-BFF2-801D1D9C1C54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F272D7AB-AE18-4AB0-A5B2-ABCFE9E8844F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F86B7B37-2DAF-4C07-8830-45A77DBBFE66}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D6E3C3-678F-431C-8D3C-11C00B071FE8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0BDB7B22-0BA6-4F11-A912-63CA8AF41DB2}" = protocol=17 | dir=in | app=c:\program files (x86)\senstic\i-clickr\i-clickr.exe | 
"{0DFE766B-BE16-418F-959A-9F39E010D74B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15FEFD9D-9BEC-4728-9A6F-77B7B52BAE50}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{199C47D7-6060-4494-A7A9-1B95851409B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19E98602-278D-4EF2-9D7D-F58F81D6C4FF}" = protocol=6 | dir=in | app=c:\program files (x86)\senstic\i-clickr\i-clickr.exe | 
"{1CE724C4-992B-41A3-AD76-49D3219D91C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26F612D0-1C7C-4A1A-9396-F55EFCA3AD70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2E505147-517C-4399-A379-ECD5170D018B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{375EF9C4-88EA-4907-82E9-6CAA9840BDEE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3AB5CF51-A999-40F7-A22A-9B8ED550E961}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3CD63017-87D0-4297-9BD4-9F51304140E6}" = protocol=6 | dir=in | app=c:\program files (x86)\senstic\i-clickr\i-clickr.exe | 
"{3CEF2AF7-C0EB-4167-875C-BDB6033C1CD1}" = protocol=6 | dir=out | app=system | 
"{44312916-61CD-4C28-BF19-0A1D4F8DAEB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4A79433D-40B0-4187-8956-A19FDDBD1840}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{516EAE26-BDC3-42F3-9DBF-3C1A675F23CD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5534BD74-CF3A-4402-B842-ADEDAF80BAFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{57F50E60-7BA6-42A9-895A-D704C57DCA4C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{5EECA276-B6CC-41C1-B4E9-406F6247285A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6983055B-AA53-47FD-A9FC-2A140417407E}" = protocol=6 | dir=in | app=c:\users\greech\appdata\roaming\dropbox\bin\dropbox.exe | 
"{836CC62B-4B5F-463B-9A59-676D1A5513A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C6ABD7F-E206-464F-8E56-F421AD9C1E01}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{925FE6C3-8FF6-4BCD-9879-0ED930EC0266}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{92C01735-55A3-4621-A82E-261CFB20FDDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{971B8F57-9E5E-434A-B5DF-76AD18AA3350}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A956E062-7C6C-4FAA-820C-45B5523D638D}" = protocol=17 | dir=in | app=c:\program files (x86)\senstic\i-clickr\i-clickr.exe | 
"{B2196A2F-1166-4973-88E9-E9111D135016}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BA0EC2B6-8F82-4562-99F4-578D8DB934B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BB0BA1CE-3D8B-4C6A-B46F-823E12328234}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C2B7E608-2A18-4A62-A511-97145C5BEBBF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C4DD31AB-CF8B-42BF-96CD-11F92982C54D}" = protocol=17 | dir=in | app=c:\users\greech\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C74A8E82-9A48-4FA5-9428-B36FBEA301F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD0B885F-8770-44DF-8CFF-C155717FB754}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DBE9BFD1-41FD-443A-A7C2-D1B291682BAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E561B6F6-FA09-4387-9201-97897D7CC5A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8DEFFC5-FF89-44A7-9451-3111B6E8CE60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED795D00-32EF-4D88-903A-E108224C7128}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F04CA3A3-E6DE-45B6-9C89-9FAD7E735F63}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F0571775-2152-4D9F-995B-8A173A1BBE04}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F11D6639-1905-4D62-9129-9AF765250960}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F42CBE10-3362-488D-8C2E-231ED5C01407}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"TCP Query User{504C1F1F-AFEA-4FD3-AFE0-EEF3F6D62CAD}C:\users\greech\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\greech\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{28860C46-5674-45D2-8F03-A63484926977}C:\users\greech\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\greech\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82D5414E-1890-9EB6-4D70-71D99F2303BA}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0740E89E-9162-4BE2-9C4E-D9CFE33CB67A}" = i-Clickr
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E180A03-2496-E90A-23A6-351B6301E912}" = CCC Help German
"{1BCB3F87-B53D-9DFD-199E-004EDBFEE40B}" = Catalyst Control Center Graphics Previews Vista
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E9A0A9C-DC61-A431-5E84-F63E16963D1D}" = CCC Help Dutch
"{1F52BCA8-7C47-7895-035D-8E1951F94CE5}" = CCC Help English
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC1E54D-4FA8-B37B-1FB1-38D8F3B32A66}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BB88993-8444-18CE-679A-5D2108EAECFA}" = CCC Help Swedish
"{40E4CF35-FF4C-4876-F16B-9E4773003D84}" = CCC Help Italian
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{42FC4996-043A-4C20-9864-C74E0BF1C6E8}_is1" = GS-ZEUGNIS Version 9.6
"{47397909-5132-A6F0-D580-6A6F4D213D60}" = CCC Help French
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52DBCA-CDFE-4265-B0AF-7E243C2DA997}" = Catalyst Control Center InstallProxy
"{4FAAF7D0-CB15-292D-886B-96FE2A069A7E}" = Catalyst Control Center Graphics Previews Common
"{5067214A-A9D2-8925-9270-BF149913DB99}" = CCC Help Japanese
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56E09BFC-D4A4-7FE4-02A9-A919D02B488D}" = Skins
"{5D9A0559-63B8-33AA-ADAC-30E0D45F738E}" = Catalyst Control Center Graphics Light
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EC756AA-7AEB-7CCB-7129-CCD7E54E8D0F}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CF7645-BFAD-4431-A59E-FBF273AE8B7C}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97154923-423C-C470-6E18-ABED08732DFD}" = CCC Help Russian
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDEEA5A-1B5E-A242-24FF-DC594DC3733D}" = CCC Help Chinese Traditional
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9352913-9B23-D26A-3D98-9181239731C7}" = CCC Help Norwegian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B5EDDAAD-6F46-A2F8-2B51-860F0D8D609E}" = CCC Help Portuguese
"{BFF24FDB-41F2-8123-0F52-DE29F34F46FA}" = CCC Help Finnish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CA4F7074-8A0D-6D4F-D5C1-90A1B57F8CEC}" = Catalyst Control Center Graphics Full Existing
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED8F7BC-8477-2948-F52A-08C5F75FBA9A}" = Catalyst Control Center Graphics Full New
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D15ED9D4-341E-3A0C-98AB-A695015B5648}" = Catalyst Control Center Localization All
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D570918C-A2FB-4C61-34F9-74BA6A472263}" = CCC Help Spanish
"{D637ED44-FE11-9C9C-815D-11ADE2D7E8A0}" = CCC Help Danish
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F67D89A1-3081-9DBB-D1EB-758A06F79539}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Dell Webcam Central" = Dell Webcam Central
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSC" = McAfee SecurityCenter
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Picasa 3" = Picasa 3
"Speed Dial Utility" = Canon Kurzwahlprogramm
"ST4UNST #1" = ERSTINSTALL
"ST4UNST #3" = GSZEUG_942
"ST4UNST #4" = GSZEUG_942 (C:\Program Files (x86)\GSZEUG_942\)
"TreeSize Free_is1" = TreeSize Free V2.7
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"33030675DC63B8C8D12A223C2017505053D50B01" = Doodle Outlook Connector
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"FileZilla Client" = FileZilla Client 3.5.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.09.2011 05:28:38 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 15.4.3538.513,
 Zeitstempel: 0x4dcdb9d1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0c4ab5ed  ID des fehlerhaften
 Prozesses: 0xdcc  Startzeit der fehlerhaften Anwendung: 0x01cc6ae0f555e2ad  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 44a07c2b-d6d8-11e0-ba08-0026b9215a2b
 
Error - 04.09.2011 06:00:50 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 15.4.3538.513,
 Zeitstempel: 0x4dcdb9d1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0e70b5ed  ID des fehlerhaften
 Prozesses: 0xf60  Startzeit der fehlerhaften Anwendung: 0x01cc6ae97fe43b82  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: c3f8da7f-d6dc-11e0-ba08-0026b9215a2b
 
Error - 06.09.2011 08:10:10 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 15.4.3538.513,
 Zeitstempel: 0x4dcdb9d1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0ffcb5ed  ID des fehlerhaften
 Prozesses: 0x3fc  Startzeit der fehlerhaften Anwendung: 0x01cc6c8b2b8f9000  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 2a556d4a-d881-11e0-a39c-0026b9215a2b
 
Error - 11.09.2011 13:35:32 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Programm mcagent.exe, Version 11.0.575.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 448    Startzeit: 
01cc6ee6ced7c961    Endzeit: 624    Anwendungspfad: C:\Program Files\McAfee.com\Agent\mcagent.exe

Berichts-ID:
 52f2b077-dc9c-11e0-a312-0026b9215a2b  
 
Error - 12.09.2011 09:38:30 | Computer Name = xxx| Source = TomTomHOMEService | ID = 10000
Description = 
 
Error - 12.09.2011 09:43:31 | Computer Name = xxx | Source = TomTomHOMEService | ID = 10000
Description = 
 
Error - 18.09.2011 03:51:28 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.2.4262 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 24e8    Startzeit:
 01cc75d63d405e51    Endzeit: 26    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 f0bfac89-e1ca-11e0-a3b7-0026b9215a2b  
 
Error - 18.09.2011 04:55:24 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mcods.exe, Version: 15.0.262.0, Zeitstempel:
 0x4d2e40b3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7c8f9  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2  ID des fehlerhaften
 Prozesses: 0x1cfc  Startzeit der fehlerhaften Anwendung: 0x01cc755307c698c0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\McAfee\VirusScan\mcods.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f1fe3733-e1d3-11e0-a3b7-0026b9215a2b
 
Error - 18.09.2011 04:55:52 | Computer Name = xxx | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe!    Exception details follow :    VSCORE.14.4.0.333
Exception
 Code       : 0X00000000C0000005  Exception Address    : 0X000000004900000D  Exception
 Parameters : 2   Param 1 = 0X0000000000000008   Param 2 = 0X000000004900000D    More information
 :  
 
Error - 18.09.2011 04:55:54 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mcshield.exe, Version: 14.4.0.333,
 Zeitstempel: 0x4d7c7690  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000004900000d
ID
 des fehlerhaften Prozesses: 0x13b0  Startzeit der fehlerhaften Anwendung: 0x01cc75372cc32b0e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 038ebe99-e1d4-11e0-a3b7-0026b9215a2b
 
[ Media Center Events ]
Error - 15.09.2012 03:51:08 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 09:51:08 - Fehler beim Herstellen der Internetverbindung.  09:51:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.09.2012 03:51:18 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 09:51:13 - Fehler beim Herstellen der Internetverbindung.  09:51:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2012 12:51:23 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 18:51:23 - Fehler beim Herstellen der Internetverbindung.  18:51:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2012 12:51:33 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 18:51:28 - Fehler beim Herstellen der Internetverbindung.  18:51:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2012 13:52:36 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 19:52:36 - Fehler beim Herstellen der Internetverbindung.  19:52:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2012 13:52:42 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 19:52:41 - Fehler beim Herstellen der Internetverbindung.  19:52:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.10.2012 03:06:30 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 09:06:30 - Fehler beim Herstellen der Internetverbindung.  09:06:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.10.2012 03:06:42 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 09:06:35 - Fehler beim Herstellen der Internetverbindung.  09:06:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.10.2012 04:06:49 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 10:06:49 - Fehler beim Herstellen der Internetverbindung.  10:06:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.10.2012 04:06:56 | Computer Name = xxx | Source = MCUpdate | ID = 0
Description = 10:06:54 - Fehler beim Herstellen der Internetverbindung.  10:06:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 12.08.2012 10:46:24 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.02.2013 16:01:08 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 01.02.2013 16:13:08 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 01.02.2013 16:49:08 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 01.02.2013 17:25:09 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 01.02.2013 17:49:13 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 01.02.2013 18:01:13 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 01.02.2013 18:13:14 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 01.02.2013 18:25:11 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 02.02.2013 12:10:55 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
Error - 02.02.2013 12:46:58 | Computer Name = xxx | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         

Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-02 19:27:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Greech\AppData\Local\Temp\fwlyqpob.sys


---- Kernel code sections - GMER 2.0 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                  fffff960000f3c00 7 bytes [C0, A0, F3, FF, 01, AC, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 9                                              fffff960000f3c09 2 bytes [06, 02]

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdc62c                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdc62c (not active ControlSet)  

---- EOF - GMER 2.0 ----
         
Was ist zu tun?

Vielen Dank.

Alt 05.02.2013, 11:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner:  Artemis!697E81D4CFBD - Standard

Trojaner: Artemis!697E81D4CFBD



Hallo,

Zitat:
Datei: D:\ xxx\ Backup Set 2011-11-30 190004\ Backup Files 2011-11-30 190004\Backup Files 23.zip
Das ist wenn überhaupt nur ein Fund in einem alten Backupset, auch ein Fehlalarm kann ich mir hier als sehr wahrscheinlich vorstellen.
Noch andere Funde bzw. gar Probleme?
__________________

__________________

Antwort

Themen zu Trojaner: Artemis!697E81D4CFBD
7-zip, adobe, artemis!, audacity, autorun, bho, bonjour, error, excel, firefox, flash player, format, google, home, iexplore.exe, install.exe, logfile, mozilla, ntdll.dll, office 2007, realtek, registry, rundll, security, siteadvisor, software, svchost.exe, temp, trojaner, udp, visual studio, win32k.sys, wlan



Ähnliche Themen: Trojaner: Artemis!697E81D4CFBD


  1. Windows 7: Trojaner artemis!E* wird bei fast jedem Scan auf meinem PC gefunden
    Log-Analyse und Auswertung - 20.04.2015 (20)
  2. Trojaner Artemis!29760C4C151F eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.08.2014 (15)
  3. Trojaner Artemis in C:\Windows\System32\microsoft.com
    Log-Analyse und Auswertung - 08.08.2014 (41)
  4. McAfee meldet Trojaner Artemis!88866BFA9466, entfernt ihn aber nicht
    Log-Analyse und Auswertung - 13.04.2014 (43)
  5. Email von Michael Friedrich<sonnengitta@web.de> enthält Anhang Rechnung-April.exe mit Trojaner Artemis!
    Plagegeister aller Art und deren Bekämpfung - 06.04.2014 (5)
  6. Email von Michael Friedrich<sonnengitta@web.de> enthält Anhang Rechnung-April.exe mit Trojaner Artemis!
    Plagegeister aller Art und deren Bekämpfung - 04.04.2014 (1)
  7. Artemis-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.01.2014 (3)
  8. Mcafee findt mehrere Artemis Trojaner was tun???
    Plagegeister aller Art und deren Bekämpfung - 07.06.2013 (15)
  9. Trojaner Artemis!817BCA3E74AF
    Log-Analyse und Auswertung - 30.03.2013 (10)
  10. Artemis Trojaner Beseitigung
    Log-Analyse und Auswertung - 24.06.2012 (28)
  11. artemis 6.xxxxxxxxx dringend trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.04.2012 (7)
  12. Mcafee findet Artemis!4B3812C4890C ( Trojaner ) in einer E-mail Anlage
    Plagegeister aller Art und deren Bekämpfung - 29.10.2011 (6)
  13. McAfee meldet Trojaner-Befall Artemis!317AB1B0B53C
    Log-Analyse und Auswertung - 26.10.2010 (8)
  14. Artemis / Was soll ich tun ?
    Plagegeister aller Art und deren Bekämpfung - 03.05.2010 (1)
  15. Mc Afee Security Scan zeigt Bedrohung durch Trojaner "Artemis!7A810C195AF5" an
    Plagegeister aller Art und deren Bekämpfung - 11.03.2010 (5)
  16. Trojaner namens Generic/Artemis
    Log-Analyse und Auswertung - 26.02.2009 (17)
  17. Generic!Artemis
    Plagegeister aller Art und deren Bekämpfung - 16.01.2009 (5)

Zum Thema Trojaner: Artemis!697E81D4CFBD - Hallo zusammen, McAfee macht folgende Aussage. Name der Bedrohung: Artemis!697E81D4CFBD (Trojaner) Datei: D:\ xxx\ Backup Set 2011-11-30 190004\ Backup Files 2011-11-30 190004\Backup Files 23.zip Code: Alles auswählen Aufklappen ATTFilter Malwarebytes - Trojaner: Artemis!697E81D4CFBD...
Archiv
Du betrachtest: Trojaner: Artemis!697E81D4CFBD auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.