|
Log-Analyse und Auswertung: Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
15.05.2013, 15:31 | #1 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Hallo liebes Trojaner-Board-Team, heute habe ich meine externe 1 TB Platte an meinen PC angeschlossen, konnte jedoch keine Daten, die in Ordnern waren, öffnen! Alle Ordner sind nun Verknüpfungen und können nicht geöffnet werden! Ich hoffe, die vorhandenen Daten können gerettet werden! Ich freue mich über jede Antwort. Grüße, normal |
15.05.2013, 19:56 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
15.05.2013, 20:40 | #3 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Ich habe einen Log von Avira, allerdings zeigt der mir jetzt schlauerweise keine Viren an!
__________________Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 15. Mai 2013 21:17 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (plain) [6.1.7600] Boot Modus : Normal gebootet Benutzername : *** Computername : LIAMPC Versionsinformationen: BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00 AVSCAN.EXE : 13.6.0.1262 636984 Bytes 15.04.2013 18:23:10 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 07.12.2012 07:39:19 LUKE.DLL : 13.6.0.1262 65080 Bytes 15.04.2013 18:31:37 AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 15.04.2013 18:23:21 AVREG.DLL : 13.6.0.1262 247864 Bytes 15.04.2013 18:22:59 avlode.dll : 13.6.2.1262 432184 Bytes 15.04.2013 18:22:38 avlode.rdf : 13.0.0.46 15591 Bytes 15.05.2013 13:11:08 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:00:13 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:11:01 VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 13:11:01 VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 13:11:01 VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 13:11:01 VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 13:11:01 VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 13:11:01 VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 13:11:01 VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 13:11:01 VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 13:11:01 VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 13:11:01 VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 13:11:01 VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 13:11:01 VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 13:11:02 VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 13:11:02 VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 13:11:02 VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 13:11:02 VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 13:11:02 VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 13:11:03 VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 13:11:03 VBASE020.VDF : 7.11.77.145 141312 Bytes 10.05.2013 13:11:03 VBASE021.VDF : 7.11.77.225 155648 Bytes 12.05.2013 13:11:03 VBASE022.VDF : 7.11.78.21 202752 Bytes 13.05.2013 13:11:03 VBASE023.VDF : 7.11.78.71 140800 Bytes 13.05.2013 13:11:04 VBASE024.VDF : 7.11.78.147 167936 Bytes 15.05.2013 13:11:04 VBASE025.VDF : 7.11.78.148 2048 Bytes 15.05.2013 13:11:04 VBASE026.VDF : 7.11.78.149 2048 Bytes 15.05.2013 13:11:04 VBASE027.VDF : 7.11.78.150 2048 Bytes 15.05.2013 13:11:04 VBASE028.VDF : 7.11.78.151 2048 Bytes 15.05.2013 13:11:04 VBASE029.VDF : 7.11.78.152 2048 Bytes 15.05.2013 13:11:04 VBASE030.VDF : 7.11.78.153 2048 Bytes 15.05.2013 13:11:04 VBASE031.VDF : 7.11.78.200 83456 Bytes 15.05.2013 19:11:00 Engineversion : 8.2.12.42 AEVDF.DLL : 8.1.2.10 102772 Bytes 29.11.2012 10:25:33 AESCRIPT.DLL : 8.1.4.114 483709 Bytes 15.05.2013 13:11:08 AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 14:54:32 AESBX.DLL : 8.2.5.12 606578 Bytes 29.11.2012 10:25:33 AERDL.DLL : 8.2.0.88 643444 Bytes 25.01.2013 08:24:59 AEPACK.DLL : 8.3.2.12 754040 Bytes 15.05.2013 13:11:08 AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 13:58:35 AEHEUR.DLL : 8.1.4.358 5898617 Bytes 15.05.2013 13:11:07 AEHELP.DLL : 8.1.25.10 258425 Bytes 15.05.2013 13:11:05 AEGEN.DLL : 8.1.7.4 442741 Bytes 15.05.2013 13:11:05 AEEXP.DLL : 8.4.0.28 201078 Bytes 15.05.2013 13:11:08 AEEMU.DLL : 8.1.3.2 393587 Bytes 29.11.2012 10:25:29 AECORE.DLL : 8.1.31.2 201080 Bytes 25.02.2013 14:47:15 AEBB.DLL : 8.1.1.4 53619 Bytes 29.11.2012 10:25:29 AVWINLL.DLL : 13.6.0.480 26480 Bytes 25.01.2013 08:25:06 AVPREF.DLL : 13.6.0.480 51056 Bytes 25.01.2013 08:25:03 AVREP.DLL : 13.6.0.480 178544 Bytes 25.01.2013 08:25:03 AVARKT.DLL : 13.6.0.1262 258104 Bytes 15.04.2013 18:21:18 AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 15.04.2013 18:22:27 SQLITE3.DLL : 3.7.0.1 397704 Bytes 25.01.2013 08:25:19 AVSMTP.DLL : 13.6.0.480 62832 Bytes 25.01.2013 08:25:04 NETNT.DLL : 13.6.0.480 16240 Bytes 25.01.2013 08:25:15 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 07.12.2012 07:39:21 RCTEXT.DLL : 13.6.0.976 69344 Bytes 08.03.2013 13:58:59 Konfiguration für den aktuellen Suchlauf: Job Name..............................: ShlExt Konfigurationsdatei...................: C:\Users\LIAMSH~1\AppData\Local\Temp\d8aa2983.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: E:, Durchsuche aktive Programme...........: aus Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Mittwoch, 15. Mai 2013 21:17 Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'E:\' <Externe Festplatte> Ende des Suchlaufs: Mittwoch, 15. Mai 2013 21:38 Benötigte Zeit: 21:15 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 2440 Verzeichnisse wurden überprüft 135418 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 135418 Dateien ohne Befall 202 Archive wurden durchsucht 0 Warnungen 0 Hinweise |
15.05.2013, 20:46 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Hast du den Scan erst eben gerade gemacht? Danach hab ich nämlich gefragt Ich wollte wissen, ob ein Scanner bei dir jemals fündig geworden ist und wenn ja, hätte ich gern die Logs dazu gesehen. Einfach mal mein Posting und die verlinkten Artikel richtig lesen.
__________________ Logfiles bitte immer in CODE-Tags posten |
15.05.2013, 20:50 | #5 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Ja, den habe ich gerade erst angefertigt! Leider habe ich keinen Log von "vorhin". |
15.05.2013, 20:56 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Du hast meine Fragen immer noch nicht komplett beantwortet Gab es nun jemals Funde oder nie?
__________________ --> Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! |
15.05.2013, 20:56 | #7 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Ja es gab Funde! Mit meinem anderen Computer kam immer folgende Meldung: In der Datei 'G:\689342.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern |
15.05.2013, 21:49 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Ja und wo bitte ist das Log dazu? Liest du auch mal meine Beiträge und verlinkten Artikel mal komplett?
__________________ Logfiles bitte immer in CODE-Tags posten |
16.05.2013, 09:34 | #9 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Es tut mir sehr Leid! Ich habe mich gestern erst angemeldet und war in größter Eile, weswegen ich auch kein Log mit den Funden gespeichert habe. Ich habe überdies auch wenig Ahnung von solchen Dingen. Wenn ich die Platte an einen 2. PC anschließe, bestehen irgendwelche Gefahren für diesen? Wenn nicht, schließe ich diese erneut an und erstelle einen Log mit einem Fund. |
16.05.2013, 12:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Ich hab doch extra diesen Artikel verlinkt! => http://www.trojaner-board.de/125889-...tml#post941520 Wenn du dir helfen lassen willst musst du auch mal alles komplett und sorgfältig lesen. Wie stellst du dir Hilfe vor wenn du nicht gewillt bist alles mal richtig durchzulesen?
__________________ Logfiles bitte immer in CODE-Tags posten |
16.05.2013, 13:07 | #11 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Okey, dann hoffe ich, dass folgende Aussage ein wenig Klarheit verschafft... Code:
ATTFilter Exportierte Ereignisse: 15.05.2013 14:55 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\689342.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern |
16.05.2013, 13:30 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! G ist die externe Platte? Was genau hast du gemacht bevor der Fund kam? Hast du die Platte an einem anderen Rechner dran gehabt?
__________________ Logfiles bitte immer in CODE-Tags posten |
16.05.2013, 13:33 | #13 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Ja G ist die 1 TB Platte. Bevor der Fund auf diesem PC (1) entdeckt wurde, hatte ich die Platte an einen anderen PC (2) angeschlossen! Ich hab dann Scans gemacht und den Virus auf PC (2) entfernen können, denn PC(2) ist der Ursprungsort des Virus! Leider ist der Virus so nicht mehr auf der Platte (wurde ja entfernt), was auch der Grund dafür ist, dass ich keinen Log mehr habe, in dem man den Virus nachweisen kann! Die Daten können aber immer noch nicht geöffnet werden. |
16.05.2013, 13:43 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen!Zitat:
Wo sind die Logs vom infizierten PC?
__________________ Logfiles bitte immer in CODE-Tags posten |
16.05.2013, 14:11 | #15 |
| Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! Ja, natürlich! Ich habe einen Quickscan von OTL machen lassen: Code:
ATTFilter OTL logfile created on: 15.05.2013 21:44:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 56,28% Memory free 7,92 Gb Paging File | 6,00 Gb Available in Paging File | 75,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 177,19 Gb Free Space | 39,28% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 784,85 Gb Free Space | 84,26% Space Free | Partition Type: NTFS Computer Name: LIAMPC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.15 21:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.04.05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2013.04.05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.28 14:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.17 13:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2012.04.27 19:05:40 | 000,613,208 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe PRC - [2009.11.25 19:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files (x86)\Software Informer\softinfo.exe PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009.09.17 21:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2009.06.09 18:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe ========== Modules (No Company Name) ========== MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe MOD - [2011.07.29 10:10:22 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\565a1d9d3fed4d64ddb884a49a1a0e25\System.Management.ni.dll MOD - [2011.07.20 13:48:35 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\77631b8c99bc572962e558cdac417477\System.Web.Services.ni.dll MOD - [2011.07.20 13:47:27 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\933baa29f5feba3093ba81c5b9b82b1c\System.Windows.Forms.ni.dll MOD - [2011.07.20 13:47:18 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e979f76558e7e1f7127a5244fb5a0347\System.Drawing.ni.dll MOD - [2011.07.20 13:46:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\682572c507ea7552c3db1842c21bf9c8\System.Xml.ni.dll MOD - [2011.07.20 13:46:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8add38eb4f9c07790b5be549c5f0dae\System.Configuration.ni.dll MOD - [2011.07.20 13:46:48 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f7048e198c963fa189cff3aea17dfee3\System.ni.dll MOD - [2011.07.20 13:46:38 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2009.09.11 20:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009.07.14 19:58:13 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.17 03:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV) SRV - [2013.05.14 21:07:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.04.10 22:07:33 | 009,663,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.30 20:23:44 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games) SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2009.09.17 21:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2009.07.02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.09 18:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.10.18 09:06:26 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror) DRV:64bit: - [2011.10.18 09:06:26 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay) DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2010.11.21 09:45:36 | 000,063,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE) DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.11.26 01:05:28 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2009.09.03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.08.05 02:28:36 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.08.05 02:28:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.08.05 02:28:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.08.05 02:28:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.07.17 03:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009.07.17 03:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.03 05:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.05.20 05:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.05.08 10:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.02.05 13:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2006.11.01 20:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0455A66E-AE15-441C-A436-F7D1DC499A8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\tbEaze.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{43CEDC56-1CD4-4AFD-A8FB-4CEC60334202}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2096149 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\tbEaze.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=17350&babsrc=SP_ss&mntrId=48b84bd2000000000000904ce5f3ed95 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=907ebea3-d578-42f6-a73b-bc0d4bd5e6e0&apn_sauid=B594765A-886A-44CA-98A0-F3AF6D44771A IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{48FB24A4-6558-4272-9D44-4158ACA72AC7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_de IE - HKCU\..\SearchScopes\{4C054D48-B2BC-4B3E-B0F6-DD406DEF86F0}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2096149 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.07 11:46:23 | 000,000,000 | ---D | M] [2012.10.24 16:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.12.15 20:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.24 16:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.10.23 21:43:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.07.16 13:35:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.08.22 23:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012.04.16 20:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.16 20:37:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.08.29 15:15:41 | 000,003,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.01.30 22:15:38 | 000,002,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:blank CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Browser Companion Helper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: ProxMate - Improve your Internet! = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3_0\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.12.28 22:40:25 | 000,000,879 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\tbEaze.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\tbEaze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found O4 - HKLM..\Run: [Microsoft Management] C:\Users\***\AppData\Roaming\XGDCS2F5WQ.exe File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Microsoft Management] C:\Users\***\AppData\Roaming\XGDCS2F5WQ.exe File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [Software Informer] C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Microsoft Management = C:\Users\***\AppData\Roaming\XGDCS2F5WQ.exe O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F5BB01B-FEF2-4237-B260-5A99ED5B6B29}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\fast64.dll) - File not found O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll File not found O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - %SystemRoot%\System32\DreamScene.dll File not found O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - %SystemRoot%\SysWow64\DreamScene.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk E:\ O33 - MountPoints2\{9f0c4629-70c8-11df-9bf8-0025647f4c38}\Shell - "" = AutoRun O33 - MountPoints2\{9f0c4629-70c8-11df-9bf8-0025647f4c38}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9f0c4630-70c8-11df-9bf8-0025647f4c38}\Shell - "" = AutoRun O33 - MountPoints2\{9f0c4630-70c8-11df-9bf8-0025647f4c38}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e0443ab7-7148-11df-9c64-0025647f4c38}\Shell - "" = AutoRun O33 - MountPoints2\{e0443ab7-7148-11df-9c64-0025647f4c38}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e0443aba-7148-11df-9c64-0025647f4c38}\Shell - "" = AutoRun O33 - MountPoints2\{e0443aba-7148-11df-9c64-0025647f4c38}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 21:42:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.15 19:34:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner [2013.05.15 15:15:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.05.15 15:11:41 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.15 15:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.15 15:09:44 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.05.15 15:09:44 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.05.15 15:09:44 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.05.15 15:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.15 15:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.04.19 17:20:54 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents [2013.04.19 17:20:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax [2010.01.07 17:16:16 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.15 21:43:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.15 21:42:07 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.15 21:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.15 21:28:02 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.15 21:28:01 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.15 21:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.15 20:28:02 | 000,001,190 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1222923265-286419292-3142266594-1001UA.job [2013.05.15 20:28:00 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1222923265-286419292-3142266594-1001Core.job [2013.05.15 19:33:12 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.15 19:33:12 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.15 19:33:12 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.15 19:33:12 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.15 19:33:12 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 16:31:11 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 16:31:11 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 16:22:57 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.05.15 16:22:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.15 16:22:19 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys [2013.05.15 15:11:08 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.15 15:10:04 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.15 14:29:45 | 000,000,608 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ***.job [2013.05.13 19:29:17 | 000,097,586 | ---- | M] () -- C:\Users\***\Documents\Fragebogen zum Erbau eines Sportplatzes.pdf [2013.05.13 19:27:10 | 000,127,947 | ---- | M] () -- C:\Users\***\Documents\Sportplatz.jpg [2013.05.13 19:26:03 | 000,002,804 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2013.05.05 15:55:08 | 000,016,896 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.26 17:23:28 | 000,001,058 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.15 21:43:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.15 21:42:10 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.15 15:38:06 | 076,528,814 | ---- | C] () -- C:\Users\***\Desktop\Desktop11.wmv [2013.05.15 15:10:04 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.13 19:29:15 | 000,097,586 | ---- | C] () -- C:\Users\***\Documents\Fragebogen zum Erbau eines Sportplatzes.pdf [2013.05.13 19:26:03 | 000,127,947 | ---- | C] () -- C:\Users\***\Documents\Sportplatz.jpg [2013.05.13 19:26:03 | 000,002,804 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2013.03.10 15:10:55 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2013.01.19 23:23:19 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2012.03.25 21:37:06 | 000,000,316 | ---- | C] () -- C:\Users\***\AppData\Roaming\4356 [2012.01.30 23:49:29 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2011.07.19 15:06:22 | 000,000,258 | ---- | C] () -- C:\Windows\MusicEditor.INI [2011.07.18 22:43:49 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2011.07.18 22:41:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.05.12 13:32:42 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.05.11 19:02:36 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2010.11.25 19:12:06 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2010.11.06 12:43:05 | 000,000,106 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2010.08.15 14:09:58 | 000,000,879 | ---- | C] () -- C:\Users\***\AppData\Roaming\YtFlvConverter-OneStop-Video-ConverterFlvConverterDefaultSettings.xml [2010.05.27 16:39:08 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.03.23 18:10:05 | 000,374,272 | ---- | C] () -- C:\Users\***\mss32.dll [2010.02.07 13:22:52 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.02.03 18:39:35 | 000,016,896 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.19 20:16:13 | 000,000,087 | ---- | C] () -- C:\Users\***\jagex_runescape_preferences2.dat [2010.01.19 20:15:23 | 000,000,042 | ---- | C] () -- C:\Users\***\jagex_runescape_preferences.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.31 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.01.28 17:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3DFA [2010.12.19 15:20:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AirDisplay [2010.05.31 18:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.12.10 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2013.01.25 16:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.01.30 22:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2010.01.28 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blender Foundation [2012.05.09 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blockscape [2013.05.15 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion [2010.05.19 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bump Technologies, Inc [2010.01.30 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Disney Interactive [2012.06.27 22:04:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DMCache [2013.05.01 19:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2013.01.19 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2013.01.19 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.12 13:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Easeware [2012.05.19 19:18:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog [2011.10.25 15:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2012.06.27 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro [2013.05.13 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.08.26 16:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.06.27 19:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDM [2010.11.03 18:31:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImTOO [2010.03.26 13:57:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JLC's Software [2011.07.18 22:43:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2011.05.21 10:32:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MinecraftTools [2011.10.08 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2010.10.22 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS [2012.06.27 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2010.10.22 15:56:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.06.27 20:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2010.04.19 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy [2012.12.10 20:44:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect [2011.05.12 13:32:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense [2011.05.12 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC [2012.01.05 16:13:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w [2010.09.26 19:01:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Registry Mechanic [2010.01.19 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screaming Bee [2010.04.04 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM [2011.02.16 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation [2010.01.24 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\smc [2010.11.03 18:35:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity [2013.05.15 16:25:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Informer [2012.03.26 11:37:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software4u [2011.05.12 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Soluto [2012.10.25 14:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2011.12.20 16:11:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock [2010.10.01 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.09.29 17:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TechSmith [2010.02.07 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.12.15 20:39:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.05.04 13:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2010.02.15 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.11.21 15:07:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2012.11.20 17:07:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2011.03.04 17:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wi-Fi Sync [2013.01.19 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent [2012.01.06 21:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft [2011.05.11 20:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XWindows Dock [2010.04.06 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM @Alternate Data Stream - 1275 bytes -> C:\ProgramData\Microsoft:WahVhIAZ6nAWSAgPS @Alternate Data Stream - 1152 bytes -> C:\Users\***\AppData\Local\KTHRCkAGS5:ddSx6tGD8rUyqeQJgv @Alternate Data Stream - 1152 bytes -> C:\ProgramData\Microsoft:WysBIaPuWGI0OQiqIJIvCLHZiY2 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.05.2013 21:44:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*** ***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 56,28% Memory free 7,92 Gb Paging File | 6,00 Gb Available in Paging File | 75,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 177,19 Gb Free Space | 39,28% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 784,85 Gb Free Space | 84,26% Space Free | Partition Type: NTFS Computer Name: ***PC | User Name: *** *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\*** ***\AppData\Roaming\XGDCS2F5WQ.exe" = C:\Users\*** ***\AppData\Roaming\XGDCS2F5WQ.exe:*:Enabled:Windows Messanger "C:\Users\*** ***\AppData\Roaming\XGDCS2F5WQ.exe" = C:\Users\*** ***\AppData\Roaming\XGDCS2F5WQ.exe:*:Enabled:Windows Messanger ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08C841A8-180B-46A5-8B57-E0A80C0E31E8}" = lport=138 | protocol=17 | dir=in | app=system | "{15A8BEC6-4E30-4C5C-9850-33A780118F23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25AAE606-BBC1-4547-AB54-AA42A00A6682}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2B0E7CD3-83B3-4630-AFA5-9C1FA185C046}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3FAEA9E2-2DB7-42AB-8198-C1ED5C67491E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{437047FD-D0C5-4168-978C-19C0C60930A0}" = lport=10243 | protocol=6 | dir=in | app=system | "{5D694BF0-E312-4A8B-B7BC-F34BC8532A05}" = lport=2869 | protocol=6 | dir=in | app=system | "{76AFFB8E-D9D3-45C4-92D1-651033F371DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79FB7B84-C4AA-4E6F-A211-7AABF3DD0AC1}" = rport=137 | protocol=17 | dir=out | app=system | "{7D44F330-8D9F-460B-8CD1-8BE99904A14A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E6FD666-7001-4397-A2FE-44127290BCC8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{7F681719-8478-45E6-968A-A3B83FF45B5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8091307E-F4FE-4ADC-B6EF-42E688978489}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8A2B12AE-01F4-4B78-B3FB-BD1EACF3E1CF}" = lport=139 | protocol=6 | dir=in | app=system | "{8CFAD4E2-9E61-4DBC-908A-96B0EA98FB4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8D561732-7F6F-46DA-8FBC-9FA442524B9F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8ECF8971-8F17-4788-BFA6-64608ECA33DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{911AB731-DE84-4F3B-A936-0EBC02F3CBE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{953F5D1C-7B97-4F84-8F4E-266B75EF5FD6}" = lport=445 | protocol=6 | dir=in | app=system | "{95C36275-17B0-4C43-B72D-976518D44378}" = lport=137 | protocol=17 | dir=in | app=system | "{9783FBF0-A0AB-46FD-997E-B4028FA79E87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C767840-1813-4B6D-ADEB-E3EAD31A91F3}" = rport=445 | protocol=6 | dir=out | app=system | "{A7257038-B635-479C-B111-35506410291A}" = rport=139 | protocol=6 | dir=out | app=system | "{B02EDB32-83BD-41EF-8D68-22B5BC96BE35}" = rport=138 | protocol=17 | dir=out | app=system | "{C5E46E31-B4A8-498B-9249-564445022066}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CB155307-418D-457F-8A6D-44957FD7CA1A}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{034EC4CE-7009-47F2-AF88-95E0050D9685}" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "{03E4C890-8265-470B-A40C-C079F0FFE255}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | "{046169B2-154A-47CE-A882-512D2777A4AC}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | "{079C7E25-E08E-4191-A911-A60B54968E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\gamigogames\levelr\levelr.bin | "{0A2B6E82-B9DE-463F-AB20-2674DDF90F1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0B2B21D3-E218-4A02-BC43-4E9E69B43AD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0B55BAEA-C86D-4752-9993-1569247AF2BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{10C9C4CE-7FB0-4C0D-B7EC-F663D6545D9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{142595D5-F45E-488C-934E-D35BB96BD2E2}" = dir=in | app=c:\users\*** ***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{15030797-02C0-4788-8E87-10147AB42DD6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | "{160E0E6B-95D6-40AF-A060-B24706615520}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{163038CE-D487-450A-9D5E-841E0CE84451}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "{18B68A6D-65C9-42E0-A21D-9A62D5997B5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F617DA3-2AAE-458E-BA4E-48F639366CC2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | "{22427D00-21E2-418B-B941-B36344ACA1F4}" = protocol=17 | dir=in | app=c:\users\*** ***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | "{22E92D65-04D5-469B-8817-3EF38767BC07}" = protocol=6 | dir=in | app=c:\users\*** ***\appdata\roaming\dropbox\bin\dropbox.exe | "{25153FE7-426E-4811-9FA5-25ABCD1F1207}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "{29ED371A-194D-493B-8E14-A5080079A207}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{2BA70848-D53C-4F23-AE83-A64D242A3BE2}" = protocol=17 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "{2E226F3F-E923-4AE5-8E8B-92A2AFFC7CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "{2EED97C5-78EA-4377-B0F3-B8EFE8489B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "{315B8A44-E198-4CC1-9060-2FC1CA543722}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii - public demo\launcher.exe | "{3634C040-277D-448C-B5B5-62186ED169ED}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe | "{382F2C56-322F-4F68-9DF4-C59E9F0DE2EF}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{39B06B48-58CC-4F7E-853D-71CB8749EA66}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3B45E89E-DCE6-459A-B636-2197C3A13BA7}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | "{3D9BD07F-0205-489E-BD82-6ED033523177}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{4519BBF2-A2A4-4A66-A43C-3318073AA3A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "{468B5E3E-128A-4FA0-8CA0-A1D794D26109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{46BA4168-6EE8-49CE-B121-69B0B4620E46}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{4762E7BB-38AF-4F09-9430-299673C00E8E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | "{47D42BAB-C385-4509-9EF2-8BA9E6E1F5D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii - public demo\launcher.exe | "{4A852C00-F092-44C9-9920-260676D3D984}" = protocol=6 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "{4A8A8D90-5223-49AB-B4DB-3486F99B29E0}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | "{4E6D6DAB-7F60-4B05-9D90-C91C3358A278}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{505EBD95-98F0-4C93-8D2C-2A54D6A756F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{508BE521-5FAA-4B37-8A1E-F6D450AFE024}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{5156C585-7553-40E2-AC1F-40BE91F5E01E}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "{52150541-A1EE-4EB6-8CAD-F09352717B2B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{52AE36E6-1A8A-4674-B7AB-59DDC4C9584A}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{546EB27B-9499-4D6A-BB14-C3FFA5440DE5}" = protocol=6 | dir=in | app=c:\users\*** ***\appdata\roaming\dropbox\bin\dropbox.exe | "{556ADBB9-F904-409A-9E36-04CD36B88073}" = protocol=6 | dir=in | app=c:\program files (x86)\gamigogames\levelr\levelr.bin | "{55F0BC2C-050E-4862-A053-4C40F5123A8F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | "{56B3CCA8-23C8-4B4D-84DF-0368A5D469A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{58EC94E2-5392-4B61-AA65-F4A3B7847218}" = protocol=17 | dir=in | app=c:\users\*** ***\appdata\roaming\dropbox\bin\dropbox.exe | "{59A62A44-19E2-4F61-8ECA-DBE4BA14C731}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5A175202-6D04-4A4C-9189-6BECA25E1B9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5A9345FD-6E7A-437A-A861-83B840DA8ADB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5B8CA564-7612-40AF-B813-E28767907D87}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{5BCD1434-FB4D-4FD6-9E62-0C4027D5DE8C}" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "{603D5138-A4D0-4727-88A8-BD51C03EAE06}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "{61F3940B-C625-4FB1-BE68-A796386D839E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6596D026-7A96-4BA4-A05D-5472620A0059}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{659FF36A-A9A0-401F-9862-06606A844644}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{67AD569F-178A-4E91-961F-9596F463E51D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6BD424A5-1C03-4850-906A-1F34AFD67F2E}" = protocol=6 | dir=in | app=c:\users\*** ***\desktop\downloads\solutoinstaller.exe | "{738D1BEE-B538-47FC-AE03-8972DCC2EB0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7B99C9AD-12C5-4661-ABBC-D33CE4358465}" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "{7FE365C1-94FC-40C6-86EE-787B59B97164}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "{823320DF-8091-40AA-BBED-3DF4AEF690CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{84A3FAAF-DF33-4557-B931-B8BA694736CE}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{8C748021-05C6-4524-95CC-B89328901488}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe | "{9393FDF9-F90F-40F2-BDB3-D1D321A5DC95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{975AFFFB-77E2-4075-893B-11D415C32703}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9996FAFE-D486-44C6-AC38-3D4591268446}" = protocol=17 | dir=in | app=c:\users\*** ***\desktop\downloads\solutoinstaller.exe | "{9FE2C648-995C-415A-A81F-DC76CDB5A39F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A0118A9C-2DDD-4EAE-8F4F-2966D486E037}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | "{A177A276-33F7-48B1-8FAA-13C62776A3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | "{A9F2F1AF-764A-4AD9-AEA5-475AA07CEF9E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B376324D-D885-49C2-BFA5-5C1D856277D0}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "{BC5EAA3B-9413-4A7C-A98D-551F5A5B3E9F}" = protocol=6 | dir=in | app=c:\users\*** ***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | "{BE79158C-C24D-4A6A-BFF1-92609379829D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea play\create demo\pc\create.exe | "{BEBCE945-68CD-4ADB-A203-4E0C8AA8FF9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C0941403-1A90-4426-89CC-A6373D68A9AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{C2526281-A1D3-4ADD-AA60-FA7140E6E7B0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{C2C848EA-5F9F-4E5A-A9FF-0B1FB4C237F1}" = protocol=6 | dir=in | app=c:\program files (x86)\ea play\create demo\pc\create.exe | "{C4ADC050-8CB6-4341-89B6-2FC5CFA64E15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C5269E49-CF75-404B-BEED-0AFBA7DE4007}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D496F7EF-45DA-4F11-91B1-B92269280042}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D6211E5F-631A-48BF-AA55-362D5C9D0678}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D6BF4B01-E33E-4170-8A1D-8FEDF5209D4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D74504A6-09FC-4487-9542-8E5912C8AA02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DB2C9F41-5E02-4EC5-B2CC-1805D0402AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E2D5A011-9845-4776-866B-01DE5E9D164F}" = protocol=6 | dir=out | app=system | "{E5A88F54-1A54-4F4F-A32A-9671CC730431}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E5F9D242-04E9-473A-A4CD-4F9E691EB956}" = protocol=17 | dir=in | app=c:\users\*** ***\appdata\roaming\dropbox\bin\dropbox.exe | "{E926C84B-C840-41CE-B842-76C6F9F6A4C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ED9C5026-032E-48EF-B3E0-654304C6D340}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F679E3F5-A291-418D-8413-77D552F4FC78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0F5042E2-9DDD-4EF5-B100-7A1708ABD15A}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "TCP Query User{1FF537B9-0273-4EEE-8D63-FF460459BE0C}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{2050E07B-14BB-4522-BCB5-B363447E7B66}C:\users\*** ***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\*** ***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe | "TCP Query User{2605588E-AF93-4A83-B0ED-F6B5A8D5CC55}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "TCP Query User{283BC01C-DED9-42B0-BA1A-CC8A4BBD3280}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "TCP Query User{2C20841A-9E10-48F7-9844-CDA2EE48D246}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{5E176105-218D-477E-97CD-6AEA6C1DD332}C:\users\*** ***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe" = protocol=6 | dir=in | app=c:\users\*** ***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | "TCP Query User{740DFD5A-8D80-4FA9-8959-5B7F2F93F1DB}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{83C7B4C9-689B-4ECB-9303-1E2D89F18AB9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A9C2C744-A319-46D5-8F71-44204351B97F}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "TCP Query User{BC03225A-6C91-4FB9-B2AC-B78BA3A5C3F2}C:\program files (x86)\a4proxy\a4proxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "TCP Query User{D436A5DA-D3A5-4B1A-B50C-EAE320733A4A}C:\users\*** ***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\*** ***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe | "TCP Query User{E5D400F7-9384-4D33-BD65-6AC6A4272BAF}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe | "TCP Query User{FC98F77A-F7E5-49D6-996B-CCAB3F0FF335}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{01C93D82-62F7-4C83-82AA-75AC61C85E3E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{09790F24-4561-42DB-83BD-CEDC7BAC926A}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "UDP Query User{09DB9C2E-AEE1-46BE-BDF7-BAE8EE1D0DA3}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{26588453-1503-41DF-A08B-E052D0C48969}C:\users\*** ***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\*** ***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe | "UDP Query User{3CC4655B-9798-4139-8C95-5B3902CF2F5A}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "UDP Query User{43707471-2FD8-450A-8F23-E3E5D9403977}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6233B2AE-452C-4276-82AD-0F9CC6D45395}C:\users\*** ***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe" = protocol=17 | dir=in | app=c:\users\*** ***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | "UDP Query User{8437AE5E-DC77-472F-BB0C-EF31265C54B0}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{8AF2DA3C-6A00-4FEF-B5CC-AFADBEEA3C19}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{B3944AD0-B873-4281-BD08-033C05FE0B59}C:\users\*** ***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\*** ***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe | "UDP Query User{B7EF7A50-36B5-4804-BE4D-CC654295466B}C:\program files (x86)\a4proxy\a4proxy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "UDP Query User{C79D30F0-ABB2-432A-96D1-4C1A6F20D325}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{E7068BBD-0314-4CB8-AA32-7BF305E923E0}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe | "UDP Query User{F213C774-40E4-4E01-BE24-1ABA04810C7D}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud "{80E64FDE-029B-11E2-A955-F04DA23A5C58}" = MSVCRT Redists "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90B964AC-CF8E-4B69-935E-A1E620DCBAE2}" = DisplayLink Graphics "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55 "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "DriverEasy_is1" = DriverEasy 3.6.0 "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01D5FF1F-BB19-4387-8EF1-C6319037EC12}" = RAMDisk "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94B8E8AF-7F52-4AEB-8731-450942059E89}" = Boost Libraries for C++Builder 2010 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0 "{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Any Video Converter_is1" = Any Video Converter 3.0.3 "Audacity_is1" = Audacity 2.0.3 "Avira AntiVir Desktop" = Avira Free Antivirus "Boost Libraries for C++Builder 2010" = Boost Libraries for C++Builder 2010 "BrowserCompanion" = BrowserCompanion "conduitEngine" = Conduit Engine "Dell Webcam Central" = Dell Webcam Central "DivX Setup.divx.com" = DivX-Setup "Eazel-DE Toolbar" = Eazel-DE Toolbar "FormatFactory" = FormatFactory 2.80 "Fraps" = Fraps (remove only) "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.6.221 "Free Audio Converter_is1" = Free Audio Converter version 5.0.11.508 "Game Booster_is1" = Game Booster 3 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "LameACM" = Lame ACM MP3 Codec "LHTTSENG" = L&H TTS3000 British English "LHTTSGED" = L&H TTS3000 Deutsch "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "NSS" = Norton Security Scan "RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "Software Informer_is1" = Software Informer 1.0 BETA "Systweak Photoalbum_is1" = Systweak Photoalbum "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.05.2013 11:07:00 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 12:07:00 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 13:07:00 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 13:35:50 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 14:07:00 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 15:07:00 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 15:16:56 | Computer Name = ***PC | Source = Application Hang | ID = 1002 Description = Programm avscan.exe, Version 13.6.0.1262 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 850 Startzeit: 01ce51a0b49a37be Endzeit: 3844 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe Berichts-ID: fc877bb7-bd93-11e2-a1da-0025647f4c38 Error - 15.05.2013 15:42:13 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 15:42:41 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.05.2013 16:07:03 | Computer Name = ***PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 08.03.2010 12:22:23 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 17:22:19 - Fehler beim Herstellen der Internetverbindung. 17:22:19 - Serververbindung konnte nicht hergestellt werden.. Error - 10.03.2010 13:28:41 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 18:28:41 - Fehler beim Herstellen der Internetverbindung. 18:28:41 - Serververbindung konnte nicht hergestellt werden.. Error - 10.03.2010 13:28:53 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 18:28:46 - Fehler beim Herstellen der Internetverbindung. 18:28:46 - Serververbindung konnte nicht hergestellt werden.. Error - 10.03.2010 14:29:03 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 19:29:03 - Fehler beim Herstellen der Internetverbindung. 19:29:03 - Serververbindung konnte nicht hergestellt werden.. Error - 10.03.2010 14:29:12 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 19:29:09 - Fehler beim Herstellen der Internetverbindung. 19:29:09 - Serververbindung konnte nicht hergestellt werden.. Error - 29.04.2010 10:44:18 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 16:44:18 - Fehler beim Herstellen der Internetverbindung. 16:44:18 - Serververbindung konnte nicht hergestellt werden.. Error - 06.06.2010 08:25:23 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 14:25:23 - Fehler beim Herstellen der Internetverbindung. 14:25:23 - Serververbindung konnte nicht hergestellt werden.. Error - 06.06.2010 08:25:37 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 14:25:33 - Fehler beim Herstellen der Internetverbindung. 14:25:33 - Serververbindung konnte nicht hergestellt werden.. Error - 03.06.2011 06:46:04 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 12:46:04 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) Error - 09.06.2011 15:51:57 | Computer Name = ***PC | Source = MCUpdate | ID = 0 Description = 21:51:57 - Fehler beim Herstellen der Internetverbindung. 21:51:57 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 15.05.2013 14:00:20 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:00:20 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:00:20 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:01:37 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:01:37 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:01:37 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:01:37 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:01:37 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:01:37 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. Error - 15.05.2013 14:01:37 | Computer Name = ***PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden. < End of report > |
Themen zu Malware auf externer Festplatte entdeckt! Daten nicht zu öffnen! |
angeschlossen, daten, entdeck, entdeckt, externe, externer, festplatte, freue, gen, gerettet, geschlossen, hoffe, konnte, malware, ordner, ordnern, platte, troja, verknüpfungen, öffnen |