AlexisCorner | 01.06.2013 06:05 | Hi Schrauber,
OTL Code:
OTL logfile created on: 01.06.2013 06:41:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aidy\Desktop\security
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,54% Memory free
6,18 Gb Paging File | 4,96 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 131,79 Gb Free Space | 47,35% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 15,06 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
Computer Name: AIDY-PC | User Name: Aidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day
========== Processes (SafeList) ==========
PRC - C:\Users\Aidy\Desktop\security\OTL.exe (OldTimer Tools)
PRC - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Programme\Common Files\soft Xpansion\sxds10.exe (soft Xpansion)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\EgisTec\VITAKEY\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\VITAKEY\BASVC.exe (Egis Technology Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (SXDS10) -- C:\Program Files\Common Files\soft Xpansion\sxds10.exe (soft Xpansion)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (FlipShare Service) -- C:\Programme\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Programme\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (IGBASVC) -- C:\Programme\EgisTec\VITAKEY\BASVC.exe (Egis Technology Inc.)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (ZY202_VS) -- system32\DRIVERS\WlanGZG.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Aidy\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (WsAudio_DeviceS(5) -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egistec)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (FPWinIo) -- C:\Windows\System32\drivers\FPWinIo.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ZDCNDIS5) -- C:\Windows\System32\ZDCndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7E66F910-8804-4061-8673-45DF0A7F1ABE}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{914191DA-E641-4791-AE86-F790723A1825}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013.05.26 21:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.17 09:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013.05.26 21:07:58 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Users\Aidy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Aidy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Aidy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.05.31 14:45:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Free PDF Perfect) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Programme\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\tnnsszpsp.dll File not found
O15 - HKCU\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kabelbw.de ([www] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aidy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aidy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 1 Day ==========
[2013.05.31 19:14:02 | 000,000,000 | ---D | C] -- C:\Users\Aidy\Desktop\security
[2013.05.31 15:29:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.31 15:29:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.31 14:48:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.31 14:48:17 | 000,000,000 | ---D | C] -- C:\Users\Aidy\AppData\Local\temp
[2013.05.31 14:31:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.31 14:31:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.31 14:31:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.31 14:31:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.31 14:26:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 14:25:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2 C:\Users\Aidy\*.tmp files -> C:\Users\Aidy\*.tmp -> ]
========== Files - Modified Within 1 Day ==========
[2013.06.01 06:45:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2013.06.01 06:29:25 | 000,086,174 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.01 06:29:25 | 000,025,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.01 06:29:25 | 000,010,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.01 06:29:25 | 000,004,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.01 06:26:25 | 000,042,464 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.01 06:25:28 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.06.01 06:22:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 06:22:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 06:22:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.31 20:31:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.31 20:10:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.31 18:50:33 | 000,023,117 | ---- | M] () -- C:\Users\Aidy\Desktop\security check.JPG
[2013.05.31 14:45:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.31 13:33:40 | 000,042,464 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2 C:\Users\Aidy\*.tmp files -> C:\Users\Aidy\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.31 18:50:30 | 000,023,117 | ---- | C] () -- C:\Users\Aidy\Desktop\security check.JPG
[2013.05.31 14:31:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.31 14:31:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.31 14:31:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.31 14:31:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.31 14:31:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.31 13:33:40 | 000,042,464 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2013.05.26 21:02:51 | 000,023,624 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.09.19 18:18:19 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.09.11 21:18:27 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager classic.msi
[2012.08.30 21:49:33 | 000,000,048 | ---- | C] () -- C:\Users\Aidy\AppData\Local\AIDY-PC.cfg
[2011.12.29 15:59:58 | 000,000,001 | ---- | C] () -- C:\Users\Aidy\.SIG_PINSTATUS_VOREINSTELLUNG
[2011.12.29 15:59:58 | 000,000,001 | ---- | C] () -- C:\Users\Aidy\.SIG_DIALOG_VOREINSTELLUNG
[2011.02.18 13:47:09 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2010.09.27 21:18:19 | 000,000,996 | ---- | C] () -- C:\Users\Aidy\2.sym
[2010.09.25 18:32:23 | 000,001,234 | ---- | C] () -- C:\Users\Aidy\3.sym
[2010.09.25 15:33:55 | 000,011,571 | ---- | C] () -- C:\Users\Aidy\1.sym
[2009.12.30 13:32:37 | 000,001,024 | ---- | C] () -- C:\Users\Aidy\.rnd
[2009.04.08 22:07:23 | 000,027,503 | ---- | C] () -- C:\Users\Aidy\AppData\Roaming\UserTile.png
[2009.02.23 20:43:59 | 000,000,680 | ---- | C] () -- C:\Users\Aidy\AppData\Local\d3d9caps.dat
[2009.02.14 22:13:33 | 000,049,247 | ---- | C] () -- C:\Users\Aidy\AppData\Roaming\mdbu.bin
[2008.12.23 01:07:05 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.10.30 22:55:35 | 000,029,184 | ---- | C] () -- C:\Users\Aidy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.28 06:28:06 | 000,042,464 | ---- | C] () -- C:\ProgramData\nvModes.001
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 13
"ProviderFileName0" = unimdm.tsp -- [2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation)
"NumProviders" = 11
"ProviderFileName4" = incvbk5u1.tsp
"ProviderID4" = 6
"ProviderFileName5" = incvbk5u1.tsp
"ProviderID5" = 7
"ProviderFileName6" = incvbk5u1.tsp
"ProviderID6" = 8
"ProviderFileName7" = incvbk5u1.tsp
"ProviderID7" = 9
"ProviderFileName8" = incvbk5u1.tsp
"ProviderID8" = 10
"ProviderFileName9" = incvbk5u1.tsp
"ProviderID9" = 11
"ProviderFileName10" = incvbk5u1.tsp
"ProviderID10" = 12
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{C89D3C51-F739-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{C89D3C51-F739-4CF6 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"OtherDomains" = [binary data]
"RequireSecuritySignature" = 0
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009.06.10 13:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdx [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 90 D0 00 00 00 DC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 A0 00 07 00 00 00 00 02 18 00 8D 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"LocalService" = nsilltdsvcSSDPSRVupnphostSCard [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = hidservUxSmsWdiSystemHostNetman [Binary data over 200 bytes]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"LocalServiceNoNetwork" = PLADPSBFEmpssvcehstart [binary data]
"NetworkService" = CryptSvcDHCPTermServiceKtmRmDN [Binary data over 200 bytes]
"termsvcs" = TermService [binary data]
"WerSvcGroup" = wersvc [binary data] -- [2009.04.11 08:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation)
"netsvcs" = AeLookupSvcUxTuneUpwercplsupport [Binary data over 200 bytes]
"swprv" = swprv [binary data] -- [2009.04.11 08:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvLmHostswsc [Binary data over 200 bytes]
"rpcss" = RpcSs [binary data] -- [2009.04.11 08:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"regsvc" = RemoteRegistry [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2006.11.02 11:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation)
"DcomLaunch" = PlugPlayDcomLaunch [binary data]
"wdisvc" = WdiServiceHost [binary data]
"sdrsvc" = sdrsvc [binary data] -- [2008.01.21 04:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"secsvcs" = WinDefend [binary data]
"bthsvcs" = BthServ [binary data] -- [2009.04.11 08:28:18 | 000,040,960 | ---- | M] (Microsoft Corporation)
"WindowsMobile" = wcescommrapimgr [binary data]
"LocalServiceRestricted" = WcesCommRapiMgr [binary data]
"getPlusHelper" = getPlusHelper [binary data]
"LocalServiceAndNoImpersonation" = FontCache [binary data]
"GPSvcGroup" = GPSvc [binary data] -- [2009.04.11 08:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\getPlusHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\WindowsMobile]
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
[HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
< %SystemRoot%\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
< C:\Windows\system32\*.dll /600 >
[2012.12.16 12:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 15:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2011.12.14 13:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\system32\authuitu.dll
[2013.04.13 12:56:44 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll
[2012.06.02 02:02:32 | 000,985,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 02:02:32 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 02:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.09 05:45:04 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2012.02.29 15:44:50 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2012.02.29 16:08:47 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2012.03.01 16:46:01 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2012.03.01 16:46:01 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2012.04.01 09:42:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\system32\deployJava1.dll
[2012.11.02 12:18:17 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2012.02.29 15:41:40 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2011.10.14 18:02:19 | 000,429,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2011.12.09 15:35:48 | 000,892,928 | ---- | M] (Free Software Foundation) -- C:\Windows\system32\iconv.dll
[2013.04.05 00:09:30 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.04.04 23:55:19 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.04.04 23:50:34 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.02.29 17:09:53 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.04.04 23:58:24 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.04.05 00:11:34 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.04.04 23:59:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.09.28 18:11:03 | 000,892,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.05.11 17:57:00 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2011.11.16 18:21:57 | 001,259,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2011.10.14 18:00:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mciseq.dll
[2013.04.04 23:56:41 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.05.05 21:25:43 | 012,324,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.04.04 23:54:42 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2013.03.08 05:52:22 | 002,067,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2011.12.14 18:17:47 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.05 18:47:27 | 001,248,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.02 12:19:34 | 001,400,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 06:22:50 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.06.29 18:01:42 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.08.30 22:46:46 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2011.11.18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2011.11.18 19:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2011.10.25 17:58:54 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2012.11.08 05:48:38 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.01.09 17:54:08 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpencom.dll
[2012.03.01 13:42:16 | 001,089,536 | ---- | M] (eHelp Corporation.) -- C:\Windows\system32\ROBOEX32.DLL
[2012.06.02 02:04:25 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2011.11.16 18:23:08 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.11.22 05:54:36 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shlwapi.dll
[2012.09.25 18:19:41 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2012.11.13 03:29:51 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2011.12.13 18:44:50 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
[2013.04.05 00:01:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.04.05 00:02:58 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.02.15 11:01:50 | 004,547,944 | ---- | M] (Apple, Inc.) -- C:\Windows\system32\usbaaplrc.dll
[2011.12.14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\system32\uxtuneup.dll
[2013.04.04 23:57:45 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2012.08.30 22:46:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll
[2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winhttp.dll
[2013.04.05 00:02:17 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2011.10.14 18:03:25 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winmm.dll
[2013.03.08 05:53:50 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2012.08.24 17:53:29 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.02.29 17:11:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.07.26 05:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll
[2012.07.26 05:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll
[2012.07.26 05:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll
[2012.07.26 05:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
< End of report >
and the Extras log to go with it:
Code:
OTL Extras logfile created on: 01.06.2013 06:41:05 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aidy\Desktop\security
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,54% Memory free
6,18 Gb Paging File | 4,96 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 131,79 Gb Free Space | 47,35% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 15,06 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
Computer Name: AIDY-PC | User Name: Aidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FDB3FD-AF99-4880-BF68-6044AB5FE11F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{020C45E6-8A14-43FE-8E5B-18BDD77BBFF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04EF0630-8A72-44A6-9A84-8B8359B63562}" = lport=137 | protocol=17 | dir=in | app=system |
"{0800057C-EEC1-4428-A739-CA1E1DCB7892}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0C6E4011-B23B-4631-B972-0EDD3016D34B}" = rport=137 | protocol=17 | dir=out | app=system |
"{2BACB4FB-4F99-46AF-8237-9A557DF085C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C92BA7D-67D5-485F-AEBD-92484201EDBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DDDEEB7-3CB0-4233-8C64-C62DE24D4BC6}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{52F214C3-05E2-4E97-B19B-04349AA2D9A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{534E2B8B-47BA-43DD-ADC8-2DFBD57FC9BA}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{6A6FCA28-6BBE-4C78-80B7-E30B49F323A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C5877DD-112C-4853-8F34-9F51EE96EA39}" = rport=139 | protocol=6 | dir=out | app=system |
"{7019014C-8CDA-436B-8924-A45EF93D3B25}" = lport=138 | protocol=17 | dir=in | app=system |
"{8DCDF223-DF6C-40CE-B98F-A6C623F660AA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8FC45708-A7FE-4392-894A-FF9A97E8E497}" = rport=445 | protocol=6 | dir=out | app=system |
"{964862EE-5F5E-427C-90B2-4F9FA07337EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1822F71-1510-4AA8-AD88-4B8F657E9B61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A61CA599-20F2-4D52-88AF-5FE27DB6E974}" = lport=139 | protocol=6 | dir=in | app=system |
"{A8EBB4FD-BF5E-49AC-BB9F-AE81E02C0991}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{B0663DA3-55D3-4248-8DE7-608E799416ED}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{B100512D-7F34-47BB-8F62-61282C1D5F16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF06A31D-5D06-421E-912F-0D590C595B1E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF706BC5-9499-4725-A9D4-84ACFEAB3833}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D1FB60F4-AB6A-4A01-A74C-9D2D636982A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DD454A1-D94D-4BE5-B6C2-8BD335FC86FC}" = protocol=17 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
"{2D154B45-DCAB-473E-BA75-4BD63663C7BD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{38E64B9A-FEA1-4827-9034-F864C12FE89A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3FDBE423-8712-4DC3-866E-D67CC36CB7A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4051F486-1EC0-4237-AF1B-646EA61E453F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{471739D8-E1AD-46E6-BC2B-A44CC7863DF3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5AE16606-4596-4649-9FE3-8B2E1BC5BB0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69CA9712-023A-4762-AD38-768475B69666}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{70D0A20D-ABE8-49FC-A865-F39920462815}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{8ADE1889-B592-4A09-BB41-3D3016179AEC}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{96B6DA03-64F3-4026-BBC5-05DCBC9F7092}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}" = dir=in | app=c:\program files\hometab\tbupdater.dll |
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}" = dir=out | app=c:\program files\hometab\tbupdater.dll |
"{B577ED98-8841-4508-9CA1-A382F241BB34}" = protocol=6 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
"{BE758E6A-F30C-4252-B895-C02BE704C61D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9BA320A-9B0D-46D6-B61D-57EAEF8EB00A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CC0CED3B-3F03-436D-BFA9-04CA81ED960B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D56F3A26-2D4F-4E5C-9280-B250D2FD91E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{DE43EBB1-D1BB-4BA7-B7EB-26FC7959079D}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{FF5A375F-53C6-40AF-8B56-7B6C2ADAB985}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{44FD4A20-2BD6-4E36-AD74-E19447714020}C:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe" = protocol=6 | dir=in | app=c:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe |
"TCP Query User{552C4610-4933-44E8-98B6-32FC3403C7DD}C:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A97653B0-4E5A-49A0-B4EB-F3F3222E0B6B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B496357E-0D1A-4F85-B2C4-F0201512FF34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D35F4179-DDFB-4BA1-AE0D-B212AD8D49FA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{F937324C-0801-4C93-8FB4-5CCDBDAE6DE9}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{F98E67D4-45C1-4F89-B8BF-49758B35D22B}C:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe |
"UDP Query User{076A6AF3-711A-4626-B1E3-84B25C2214CD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{13318B47-1F39-4A42-A8F8-CCC90C95AFE8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{27E985F6-1A06-4AA6-81BD-DD34FC938555}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{48CEE6E0-2973-474D-AF74-AECAB787F048}C:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe |
"UDP Query User{629E01C0-9D53-4928-AF29-209765B9D675}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{A9AFD32E-8432-4894-8183-533418CC2953}C:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe" = protocol=17 | dir=in | app=c:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe |
"UDP Query User{B55B63B5-AAE6-4B5C-A062-93FA3C33E8DA}C:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0590BB91-B280-4BAB-95D7-D6558117D27C}" = SA304x Device Manager
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA304x Media Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9135AC-592E-4767-B029-ADCAC182CCFA}" = Falk Navi-Manager classic
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64a0a565-da88-4664-9c17-dbf1b23642fe}" = Free Pdf Perfect Prereq
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{88265079-D6F4-4292-86BE-D2053E80BFE4}" = Freemium Free PDF Perfect
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B72CF634-2F89-478A-86E7-96F80CDAF284}" = SA304x Media Converter
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.0
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}" = Crazy Machines - Neues aus dem Labor
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEA26700-69D8-4EE1-AD8A-609BD28965E6}" = Falk Navi-Manager
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37360B3-A429-46BA-AC9F-418152C462A6}" = tax 2013 Freibetrag
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEA017A3-E8DC-4208-9FA9-76EA95DAE1D7}" = Falk Navi-Manager classic
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dm-Fotowelt" = dm-Fotowelt
"dslmon" = devolo Informer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Fotoservice" = Fotoservice
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe SE D" = MAGIX Video deluxe SE 6.5.4.2 (D)
"MEDUSA4_PERSONAL_V4_0_0" = MEDUSA4 PERSONAL V4.0.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Backup 5_is1" = Personal Backup 5.3
"RasterVect Free Edition_is1" = RasterVect Free Edition
"Ravensburger tiptoi" = Ravensburger tiptoi
"Saturn Fotoservice" = Saturn Fotoservice
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"X10Hardware" = Remote Wonder Series Driver and Control Panel
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
Error: Unable to start EventLog service!
< End of report >
Regards,
Alex |