robertjana | 30.04.2013 12:32 | I don't understand that - the logs begin with OTL logfile and OTL Extras logfile respectively, and both end with End of Report.
I ran OTL again in case I overlooked something in the settings. Here are the logs:
Code:
OTL Extras logfile created on: 30.04.2013 13:23:01 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop\Trojanerboard
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 72,20% Memory free
5,87 Gb Paging File | 4,55 Gb Available in Paging File | 77,54% Paging File free
Paging file location(s): d:\pagefile.sys 2686 2686 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,02 Gb Total Space | 2,75 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 9,07 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS
Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive H: | 134,76 Gb Total Space | 3,50 Gb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive I: | 3,59 Gb Total Space | 3,59 Gb Free Space | 99,83% Space Free | Partition Type: FAT32
Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Marktkauf Fotowelt] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\Marktkauf Fotowelt.exe" "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BBE1AF-ACDD-4616-BBB2-8010B0351578}" = lport=138 | protocol=17 | dir=in | app=system |
"{0124E97A-D2C4-48CB-B1AD-165995C56F01}" = rport=138 | protocol=17 | dir=out | app=system |
"{05077F09-B9BA-4F3D-9214-BEBCD185B7E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A3F24E7-FC11-49C1-A29E-27F26FFE46A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{125686FB-BF21-42F2-B1C7-49762D127508}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2257A98A-A1CC-444C-AD9A-EA040571FA11}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A856FAF-E52B-44AD-BB70-C9370508D4B4}" = rport=139 | protocol=6 | dir=out | app=system |
"{39C3FEE9-D9E6-48C0-9FD5-A0ADA9991D64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E239203-EDC0-4015-8781-8AA9A9A52BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45E42BB3-4DA3-4C7B-854B-884033F51A22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7BD6C829-AD7E-4E62-B0A0-EC592B0BFC00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C1A877B-8980-466E-8F31-F7266F51DDF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7EB81184-8425-4B41-89D4-12EB843C7BCB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{89EAA9EB-9453-4B33-911C-8E3CDFC9ED7B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{909F7F5F-6C59-4A92-A0DC-F30914CB27BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A40AACF2-0235-4981-9BAD-2B66C04908B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B93E2931-4AC7-4B50-9590-EACAC268828E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C42E2A5F-E80E-434B-A1B5-A69B698F143B}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB43E44B-87E1-42C6-ABFB-CC018233204C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6A68863-E00A-4165-80F4-7B1C4F117B2F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{DE06AFA5-13D1-4BAA-9DA1-B3F3DD0C96F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DF4B3812-36A0-46BC-8BAF-0ADD29D9859F}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1E1A16B-2CD5-4F8E-BB70-F87B53C6B6EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E52BBA03-1C6C-4998-BFC5-D26890EF5FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F581072D-3575-421A-B98F-9EDB4320DC3B}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020FBDF3-73DB-4505-9B73-FE4D572B974A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{0333CED5-75BB-4F2C-9E4D-3D8BD3F03AC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{07C21D8E-1E8F-4E61-9D84-6118F4DA3306}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{0D3CB104-72D9-412B-BF6B-435476994824}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0F516105-7F87-4B5F-97E2-AD77B9FB508C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{153D9755-92AA-4EC2-B173-B775408C65A7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1831E975-36A8-4A31-86DE-B264C43A540C}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{1C7ADED3-6429-429B-8F2D-AD9684435227}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{1DF4528E-66E9-420D-8C37-628184ECC548}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A9A97D7-FA47-4982-979A-9E232AB694AE}" = protocol=6 | dir=out | app=system |
"{2B6B670E-CD72-461C-8BAE-26E189673AC1}" = protocol=6 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe |
"{3416A108-2BAC-48D3-98D2-58B8CDC34070}" = protocol=17 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe |
"{3B239162-EA6C-46C7-8A53-EA1FCA3769BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{3B8F10C3-323A-477A-937A-D060127EF74B}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{3EAF2832-8E46-412E-AC74-02AF7CB814FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A36639B-4DEC-41F5-84C1-4F94C412CDDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55A784B6-749D-4AE5-97BF-C58508EAB8C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56F65D17-6559-46CA-B8C5-1839A3A2E2C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5F66C389-73C2-4598-955F-E49388386493}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5FB4953E-054C-4549-9F32-663F836D2482}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61A21EA7-5F9F-4CAB-9F9A-C28DBC4716E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{62AC7A0B-998A-432F-B9B5-ABDAEA22FA20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{637BBB6C-84A5-4724-9053-34239D149B58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{685C06E5-4DBE-40EC-A663-0BC0AEC8E25A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69C2ABAA-7300-4066-829C-09378A5737FE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{6AF6A577-3011-45CC-91D8-7384C3CABD43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{6C890355-84C3-476B-889E-BDDF88E24F7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6EFEEC8E-105B-4958-A3B9-0441C203FC42}" = dir=in | app=c:\windows\ehome\ehrecvr.exe |
"{7ED056C3-C02B-48A8-853C-81A764684BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F36C833-D27E-441F-8A92-857986974E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8171B296-1FAB-41A8-97FE-BC92D90628DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{8455F6A8-7076-4D71-B2A8-CEC6E2E6064E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{9115CB1A-AB8B-4517-89D7-09C37656AABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{95A093A6-B6B6-4C79-B0B9-3F11FABE54E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{99ACFB7C-6F9A-43AB-BD5F-C73ACC1DDF0A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AEA89825-52BB-4E5E-BE99-FDD75B318DBB}" = dir=in | app=f:\setup\hpznui01.exe |
"{B07A451D-D034-4464-A8A6-D1C234FFA275}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B9B7FEE4-ABF2-4C16-A6BF-1CFC37A5173B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA9A4CF1-75F8-4288-940D-1BB3A64860D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{BB1215A4-CB29-4441-8712-8801F3E8EB01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{BCA8209B-DB05-4208-A34C-D2285DFCDD66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C7EA62C3-EE32-4C9B-BEAF-251DE187D931}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CB2E0654-7383-4274-A70C-6473D19BC333}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3A401E8-1976-479F-9FF2-33DB9E76D9BD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E1331139-65EC-41E9-941F-D42D8857654B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E5CB4622-ACB0-42ED-8C9E-035A6E3F54B7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{E742B2A0-4B7F-4695-B857-A5C70F3793A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E9B3D9A5-0DB1-49BA-9F4E-A56AB836DAAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{ED169D4C-50CC-47C0-9E04-FE151683C2B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F76A9E9D-B4DD-44D4-8D0A-97C8F7A29861}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F9CC7FD7-9072-4893-9AF7-CA15762A738B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{0E59DA79-5EB8-411C-895D-A002591A2437}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe |
"TCP Query User{2161F6F6-422E-479F-B0EA-A88E05A545EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5BA19066-3B07-4198-94A9-8306F0F6AACC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{6D5836D8-2323-4DEE-8699-85B2BA001014}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{8AD252CD-CD77-49F5-9534-9C7F50AB051C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{ADC5C1D4-82C7-40B7-B50D-B693FFAB2AB9}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"TCP Query User{B0F017FF-34EB-4C55-A0B6-004C22B59422}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BACEC8D8-9322-45DF-B996-C4D562BEE386}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{C3B8F8C0-787F-474A-888E-494891364716}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{E1159490-5698-45FF-8CAE-FB2A8A617221}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E3605124-FCE1-4D73-B235-BAA5E2FA3D51}C:\program files\asus\asusupdate\update.exe" = protocol=6 | dir=in | app=c:\program files\asus\asusupdate\update.exe |
"TCP Query User{F4CAFF87-44AB-473D-A517-4A7C89CEA6C2}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{082D07D6-FFBE-4ACC-A7D3-BAD805B02693}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{136C4661-14A3-4BC6-A81C-84885D357A43}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{169D9788-32B5-4D2D-8E6F-9B164401121F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{25A111B9-E463-43D3-B5E7-FA8D9D152532}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{3AE40E8A-B8B9-4C45-90A9-CDE10353018F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{5BEF3624-B557-41B6-B878-7B4E8CAD0F16}C:\program files\asus\asusupdate\update.exe" = protocol=17 | dir=in | app=c:\program files\asus\asusupdate\update.exe |
"UDP Query User{6884F62F-6546-4650-9147-460F5D74CE73}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{694F6673-CEBF-43EB-A731-D39CAC9EA1F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{88772BF3-3EB1-4EEF-B4F6-DBC7F9EB2F8D}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{AB845567-2A81-410E-864C-271ACC99E8FC}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{AD528A09-4865-4B68-9A95-E08CBC280975}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{DAB85B9A-E861-4310-BB35-2FFA8EE81BD1}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{13DFC4CE-9089-4907-E042-71DCD6727DBA}" = ccc-utility
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1EE8648A-1141-BF6F-B002-1F279859606B}" = CCC Help Portuguese
"{1EFE2B13-7C03-E454-00F5-5FF8CFC86343}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AB485D-50A0-4F1E-8F43-45B3D2CDCEB7}" = Prisma Arbeitsblätter Biologie 1
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista
"{26442B73-03B2-44E5-ACBC-8C6625B89481}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2846E2D9-5991-4332-A05D-20B06D15DFD5}" = The Maxifier
"{297ACAAE-FAAC-4817-A3BE-336F63399DA3}_is1" = Calme Version 2012
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30E0C424-E68A-FB77-6E45-42EC039264F4}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7235B2-3305-4FE1-A9A1-5F8AC2F33122}" = SMART Common Files
"{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1" = 2.0.0
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}" = Catalyst Control Center InstallProxy
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{675D173B-F754-9B62-A847-A78117B3FCEA}" = CCC Help Italian
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A01AC54A-5BB8-FE08-1854-5427457FCBCB}" = CCC Help Spanish
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A810B5F5-8ACA-4670-B6B3-F98B07DFF6C4}" = SMART Notebook
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD646716-2554-666F-6F72-A5D5B96CF046}" = CCC Help German
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B28F4C9C-8348-4B52-BB95-F8FAC95A8325}" = PCTV Package - Windows Media Center
"{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE1B109A-F0D0-2406-AFDB-FEBF9C4E0D9A}" = CCC Help Polish
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C748519A-9E3F-6FA2-5A7A-3CABECEC2CE1}" = ATI Catalyst Install Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DD64C3B5-BE43-4496-9D26-5C4B2E0E104C}" = Langmeier Software Dreieck-1x1
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{ECE9F52E-4A25-4265-8459-85DF6A6FEB52}" = SMART German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F41D5B74-E0AC-4D36-9BC4-86A02994AA83}" = 10*000 Aufgaben Mathematik
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FBC386FF-3249-4C37-B87F-51A23E46AEFD}" = TSDoctor
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Blitzrechnen" = Blitzrechnen
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dropbox Shell Tools" = Dropbox Shell Tools 0.2
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.6.0.2
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.70
"Foxit Reader_is1" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"HaaliMkx" = Haali Media Splitter
"Hdd Speed Test Tool_is1" = Hdd Speed Test Tool v. 1.0.14 (RC 1)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ifolor-Designer" = ifolor Designer
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Marktkauf Fotowelt" = Marktkauf Fotowelt
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Oregon Scientific SmartGlobe(TM) Deluxe_is1" = SmartGlobe(TM) Deluxe V3.13
"Pixum Fotobuch" = Pixum Fotobuch
"Poker im Wilden Westen" = Poker im Wilden Westen
"Ressource 3000" = Ressource 3000
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"S2TNG" = Die Siedler II - Die nächste Generation
"Shop for HP Supplies" = Shop for HP Supplies
"SmartToolsKalender-Assistentv6.00" = SmartTools Publishing • Word Kalender-Assistent
"TeamViewer 8" = TeamViewer 8
"The Maxifier" = The Maxifier
"VLC media player" = VLC media player 2.0.4
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fbaaf7d101824206" = RoboGUI
"Move Media Player" = Move Media Player
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Opera 12.02.1578" = Opera 12.02
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.04.2013 13:20:13 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version:
6.1.7601.17514, Zeitstempel: 0x4ce7b86d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003d679
ID
des fehlerhaften Prozesses: 0xc50 Startzeit der fehlerhaften Anwendung: 0x01ce44fd948e23c5
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\EXPLORERFRAME.dll Berichtskennung: 0cccba3e-b0f1-11e2-b6ac-90e6ba8c80d1
Error - 29.04.2013 13:27:47 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 1041
Description =
Error - 29.04.2013 13:30:16 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 10005
Description =
Error - 29.04.2013 13:59:27 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413,
Zeitstempel: 0x516bc0a9 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052cc7 ID des fehlerhaften
Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung: 0x01ce450342d1f8a0 Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 880dc23d-b0f6-11e2-936f-90e6ba8c80d1
Error - 29.04.2013 14:06:27 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413,
Zeitstempel: 0x516bc0a9 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052cc7 ID des fehlerhaften
Prozesses: 0x1880 Startzeit der fehlerhaften Anwendung: 0x01ce450442f3015f Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 825589ea-b0f7-11e2-936f-90e6ba8c80d1
Error - 29.04.2013 18:31:37 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\SMART Technologies\Support\dpinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 29.04.2013 18:32:27 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\aldi
nord bestellsoftware\install_flash_player.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 29.04.2013 18:34:01 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
ungültig.
Error - 29.04.2013 18:35:21 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smarttools\word
kalender-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"c:\program files\smarttools\word kalender-assistent\adxloader.dll.Manifest" in
Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 30.04.2013 01:14:53 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413,
Zeitstempel: 0x516bc0a9 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052cc7 ID des fehlerhaften
Prozesses: 0x14c4 Startzeit der fehlerhaften Anwendung: 0x01ce4561a3926874 Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e3542791-b154-11e2-ab61-90e6ba8c80d1
[ System Events ]
Error - 29.04.2013 13:19:42 | Computer Name = MultimediaPC | Source = DCOM | ID = 10010
Description =
Error - 29.04.2013 14:06:56 | Computer Name = MultimediaPC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 29.04.2013 21:21:00 | Computer Name = MultimediaPC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 30.04.2013 01:20:09 | Computer Name = MultimediaPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
< End of report >
Code:
OTL logfile created on: 30.04.2013 13:23:01 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop\Trojanerboard
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 72,20% Memory free
5,87 Gb Paging File | 4,55 Gb Available in Paging File | 77,54% Paging File free
Paging file location(s): d:\pagefile.sys 2686 2686 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,02 Gb Total Space | 2,75 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 9,07 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS
Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive H: | 134,76 Gb Total Space | 3,50 Gb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive I: | 3,59 Gb Total Space | 3,59 Gb Free Space | 99,83% Space Free | Partition Type: FAT32
Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Robert\Desktop\Trojanerboard\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Kinder\AppData\Roaming\Dropbox\bin\dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Programme\The Maxifier\The Maxifier.exe ()
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
PRC - C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Acronis\TrueImageHome\tishell.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\resource.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\thread_pool.dll ()
MOD - C:\Programme\The Maxifier\The Maxifier.exe ()
MOD - C:\Programme\[verify-U] AVS\[verify-U]_Software.dll ()
MOD - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FlexNet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (Flexera Software LLC)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - ([verify-U]) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\remote\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (camvid20) -- C:\Windows\System32\drivers\camdrv21.sys (Philips Components BU Imaging Solutions)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend Goerler GmbH)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - ([verify-U]_System) -- C:\Windows\System32\drivers\[verify-U]-driver.sys (Cybits AG)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (SNL320XP) -- C:\Windows\System32\drivers\9kdUSBXP.sys (Sonix Technology Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F0 37 37 7D 97 CA 01 [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{A9EE43D8-5797-4B37-BB80-7C27E41CFAE6}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{FD0AB065-284F-4E0F-99F3-6917141DC82D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 AB 7C F4 F9 85 CC 01 [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{910671B7-1BFD-4224-907C-666D9CA64B5F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.12 22:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 08:40:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.13 15:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.12.20 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions
[2011.08.19 14:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.26 18:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Firefox\Profiles\d9z8nnd6.default\extensions
[2013.03.31 20:22:48 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\firefox\profiles\d9z8nnd6.default\extensions\extension@preispilot.com.xpi
[2012.12.12 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.29 10:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.04.29 07:30:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun File not found
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [The Maxifier] C:\Program Files\The Maxifier\The Maxifier.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1002..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\Data\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\RunOnce: [Report] \AdwCleaner[S3].txt File not found
O4 - Startup: C:\Users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropbox2.bat ()
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1349814738270 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE8D744-F9C0-4196-9406-7FA6A6CA07F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.30 03:02:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.30 03:02:47 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 03:02:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.30 03:02:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 03:02:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 03:02:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 03:02:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 03:02:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 03:02:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 03:02:47 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 03:02:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.30 03:02:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 03:02:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.30 03:02:46 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.30 03:02:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 03:02:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 03:02:46 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 03:02:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 03:02:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.30 03:02:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 03:02:46 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 03:02:46 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 03:02:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 03:02:46 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 03:02:46 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 03:02:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 03:02:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.30 03:02:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 03:02:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.30 03:02:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 03:02:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.30 03:02:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 03:02:46 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 03:02:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.30 03:02:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.30 03:02:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.29 19:16:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.29 19:16:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.29 07:31:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.29 07:31:26 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\temp
[2013.04.29 07:16:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.29 07:16:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.29 07:16:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.29 07:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 07:16:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.26 17:58:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.26 17:58:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.04.26 17:58:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.04.26 17:58:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.26 17:58:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.04.26 17:58:45 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.26 17:58:45 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.04.26 17:58:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.26 17:58:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.04.26 17:58:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.04.26 17:58:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.04.26 17:58:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.04.26 17:58:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.26 17:58:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.04.26 17:58:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.04.23 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\player
[2013.04.23 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.04.20 08:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 07:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2013.04.17 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TeamDrive3
[2013.04.17 07:23:59 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.15 08:31:28 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.10 01:51:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 01:51:33 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 01:51:33 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 01:51:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.09 18:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2013.04.09 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2013.04.05 19:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI NORD Bestellsoftware
[2013.04.05 17:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marktkauf Fotowelt
[2013.04.05 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Marktkauf
[2013.04.05 17:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch
[2013.04.05 17:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pixum
[2013.04.05 11:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LAT 2.0 Deutsch
[2013.04.05 11:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\SMART Technologies Inc
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\SMART Technologies Inc
[2013.04.05 11:34:53 | 000,033,680 | ---- | C] (SMART Technologies ULC) -- C:\Windows\System32\smrtlocalmon.dll
[2013.04.05 11:34:53 | 000,023,848 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\System32\smrtlocalui.dll
[2013.04.05 11:34:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2013.04.05 11:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2013.04.05 11:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2013.04.05 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
[2013.04.05 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.05 11:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013.03.31 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\remote\restore
[2013.03.31 20:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.03.31 20:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\CEWE COLOR
[2013.03.31 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\PictureMover
========== Files - Modified Within 30 Days ==========
[2013.04.30 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 07:21:29 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.30 07:21:29 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.30 07:21:29 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.30 07:21:29 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.30 03:28:39 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 03:28:39 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 03:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.30 03:22:02 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 03:02:47 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.30 03:02:47 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 03:02:47 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.30 03:02:47 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 03:02:47 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 03:02:47 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 03:02:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 03:02:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 03:02:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 03:02:47 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 03:02:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.30 03:02:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 03:02:47 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.30 03:02:46 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.30 03:02:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 03:02:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 03:02:46 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 03:02:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 03:02:46 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.30 03:02:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 03:02:46 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 03:02:46 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 03:02:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 03:02:46 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 03:02:46 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 03:02:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 03:02:46 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.30 03:02:46 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 03:02:46 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.30 03:02:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 03:02:46 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.30 03:02:46 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 03:02:46 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 03:02:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.30 03:02:46 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.30 03:02:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.30 03:02:46 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.29 07:30:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.27 10:47:47 | 000,000,000 | ---- | M] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:31 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:51:54 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.23 20:51:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.23 20:46:31 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 09:04:38 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:49 | 000,001,642 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083846.reg
[2013.04.17 08:37:55 | 000,111,818 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083751.reg
[2013.04.17 08:29:23 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.17 07:23:59 | 000,001,228 | ---- | M] () -- C:\Users\remote\Desktop\Revo Uninstaller.lnk
[2013.04.15 16:17:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.15 16:17:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.15 16:17:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.15 08:31:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.15 08:31:02 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.04.15 08:31:02 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.04.15 08:31:02 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.10 03:23:19 | 000,543,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 18:14:31 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2013.04.05 11:34:25 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk
========== Files Created - No Company Name ==========
[2013.04.30 03:02:46 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 07:16:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.29 07:16:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.29 07:16:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.29 07:16:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.29 07:16:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.27 10:47:47 | 000,000,000 | ---- | C] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:16 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:46:31 | 000,002,587 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 08:41:43 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:48 | 000,001,642 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083846.reg
[2013.04.17 08:37:52 | 000,111,818 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083751.reg
[2013.04.09 18:14:31 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2013.04.05 11:34:25 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk
[2013.01.02 13:26:06 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.11 18:01:57 | 000,293,712 | ---- | C] () -- C:\Windows\System32\Tbsql03.dll
[2012.11.11 18:01:57 | 000,246,368 | ---- | C] () -- C:\Windows\System32\Tbqry03.dll
[2012.11.11 18:01:57 | 000,145,696 | ---- | C] () -- C:\Windows\System32\Tblib.dll
[2012.11.11 18:01:57 | 000,090,688 | ---- | C] () -- C:\Windows\System32\Tbutl03.dll
[2012.11.11 18:01:57 | 000,014,512 | ---- | C] () -- C:\Windows\System32\Tbgui03.dll
[2012.11.11 18:01:57 | 000,005,488 | ---- | C] () -- C:\Windows\System32\Tbmds03.dll
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.01.03 23:59:17 | 000,023,700 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2011.11.13 18:40:29 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011.07.02 01:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.26 21:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.14 19:30:56 | 000,000,680 | RHS- | C] () -- C:\Users\remote\ntuser.pol
[2010.04.13 19:38:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >