My Security Shield - me too...
Hello everyone,
I have also caught this nice "program".
I can't explain how, where or when; I actually thought I was always very careful online...
So far I have worked through this guide:
Remove My Security Shield
Malwarebytes found 1 file.
After running the specified programs/scans, Security Shield apparently no longer shows up.
Here are the corresponding log files; I would be glad if you could help me:
Malwarebytes Full Scan
Quote:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.06.27.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gavin :: GAVIN-PC_2011 [Administrator]
Schutz: Aktiviert
27.06.2012 18:44:14
mbam-log-2012-06-27 (18-44-14).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 642803
Laufzeit: 1 Stunde(n), 12 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Gavin\AppData\Local\avgzkjh.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
**********************************************************
Malwarebytes Quick Scan
Quote:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.06.27.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gavin :: GAVIN-PC_2011 [Administrator]
Schutz: Aktiviert
27.06.2012 20:38:28
mbam-log-2012-06-27 (20-38-28).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221722
Laufzeit: 3 Minute(n),
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
**********************************************************
OTL Logfiles
Quote:
OTL logfile created on: 27.06.2012 20:44:14 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\xxxx\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,50 Gb Total Physical Memory | 12,85 Gb Available Physical Memory | 82,94% Memory free
30,99 Gb Paging File | 28,05 Gb Available in Paging File | 90,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 68,15 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 301,28 Gb Free Space | 88,15% Space Free | Partition Type: NTFS
Drive E: | 345,57 Gb Total Space | 345,48 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 974,30 Mb Total Space | 530,06 Mb Free Space | 54,40% Space Free | Partition Type: FAT32
Drive L: | 1,87 Gb Total Space | 1,86 Gb Free Space | 99,68% Space Free | Partition Type: FAT
Computer Name: XXXX_PC_2011 | User Name: XXXX| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gavin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\Dyn Updater\DynTray.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe ()
PRC - C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr32.exe ()
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
PRC - C:\Program Files (x86)\AGFEO\Tk-Suite-Basic\tools\ctimon.exe (AGFEO)
PRC - C:\Windows\SysWOW64\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll ()
MOD - C:\Users\Gavin\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe ()
MOD - C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr32.exe ()
MOD - C:\Program Files (x86)\WinSplit Revolution\WinSplitLib.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\WinSplit Revolution\WinSplitHook32.DLL ()
MOD - C:\Program Files (x86)\adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite-Basic\tools\styles\qwindowsxpstyle.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite-Basic\tools\qt-mt334.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Dyn Updater) -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe (Dyn, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (SageDB 5.0) -- C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WCUService_STC_FF) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.)
SRV - (WCUService_STC_IE) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.)
SRV - (arXfrSvc) -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (softOSD) -- C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (BackupReader) -- C:\Windows\SysNative\drivers\BackupReader.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (se64a) -- C:\Windows\SysNative\drivers\se64a.sys (EnTech Taiwan)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (se64a) -- C:\Windows\SysWOW64\drivers\se64a.sys (EnTech Taiwan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.t-online.de/software/ie401/search.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.impression-catalogue.com/stock/#/stock/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 EA BB 50 06 73 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {4DD1C80D-3116-4587-83B5-3A574B9D1608}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4DD1C80D-3116-4587-83B5-3A574B9D1608}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{8975C1AF-57C5-46d9-91F3-1FF8C994A86C}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{C1594198-8779-43a5-8B2E-E7CB0170DB05}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.ftp: "ftp-proxy.btx.dtag.de"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "proxy.btx.dtag.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gavin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gavin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011.09.14 20:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011.09.14 20:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011.09.14 20:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.01.11 13:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.11 13:57:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 09:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.07 21:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 09:10:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.09.14 21:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gavin\AppData\Roaming\mozilla\Extensions
[2012.05.02 09:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gavin\AppData\Roaming\mozilla\Firefox\Profiles\3yoyaz6b.default\extensions
[2011.09.15 01:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gavin\AppData\Roaming\mozilla\Firefox\Profiles\3yoyaz6b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 01:05:55 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Gavin\AppData\Roaming\mozilla\Firefox\Profiles\3yoyaz6b.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011.09.15 01:05:55 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Gavin\AppData\Roaming\mozilla\Firefox\Profiles\3yoyaz6b.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2011.09.15 01:05:55 | 000,000,000 | ---D | M] (Map+) -- C:\Users\Gavin\AppData\Roaming\mozilla\Firefox\Profiles\3yoyaz6b.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2011.09.15 01:05:55 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\Gavin\AppData\Roaming\mozilla\Firefox\Profiles\3yoyaz6b.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2011.09.15 01:05:54 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Gavin\AppData\Roaming\mozilla\Firefox\Profiles\3yoyaz6b.default\extensions\2020Player@2020Technologies.com
[2009.10.30 10:08:14 | 000,002,171 | ---- | M] () -- C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\3yoyaz6b.default\searchplugins\bing.xml
[2008.06.30 18:44:08 | 000,001,760 | ---- | M] () -- C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\3yoyaz6b.default\searchplugins\wrterbuch-nl-de.xml
[2012.04.26 09:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.21 09:54:01 | 000,626,986 | ---- | M] () (No name found) -- C:\USERS\GAVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YOYAZ6B.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
[2012.04.16 09:37:25 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\GAVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YOYAZ6B.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.02.16 10:00:18 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\GAVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YOYAZ6B.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.18 09:10:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.11 22:57:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.11 22:57:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.11 22:57:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.11 22:57:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 22:57:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.11 22:57:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gavin\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gavin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.06.27 20:33:55 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Winsplit] C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14856019-9464-4266-AF3B-099C901E2783}: NameServer = 216.146.35.35,216.146.36.36,192.168.4.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{31d7ae66-df1a-11e0-ae53-50e54964d63c}\Shell - "" = AutoRun
O33 - MountPoints2\{31d7ae66-df1a-11e0-ae53-50e54964d63c}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.27 20:27:14 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{4AF6B1F1-66D4-43D2-8B0A-5DE715D8D37D}
[2012.06.27 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Gavin\Desktop\HostsXpert
[2012.06.27 18:42:07 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Roaming\Malwarebytes
[2012.06.27 18:42:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 18:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.27 18:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.27 18:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.27 18:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.27 15:19:34 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{3BE1D472-0220-4FFD-BF56-B581D01478CC}
[2012.06.27 03:19:34 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{21411884-184B-48BB-98C9-716681A72FC1}
[2012.06.26 15:19:34 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{34D70AFE-8D71-45A0-A569-B33D7B6D7D63}
[2012.06.26 03:19:34 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{E3CF2D3B-C7E9-4D7B-8FED-E732080262BC}
[2012.06.25 15:19:34 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{52CC7879-C686-4D2A-AB42-6F724F907BC8}
[2012.06.25 03:19:35 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{12BE9D41-6571-426D-8F99-5D47ABD427E6}
[2012.06.24 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{64CB9916-F4C3-43B2-8A42-1F867F376BC8}
[2012.06.24 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{ABBF8264-4E08-4B5D-984D-0B7DF7D5FE24}
[2012.06.23 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{D0483FE7-AA40-4B6E-B4F8-3759F27E82CD}
[2012.06.23 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{50F5E7F1-FDC9-497E-B75C-FC71D491BFC2}
[2012.06.22 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{5E74F301-1781-4FD9-B5E7-1FEBE9EB4108}
[2012.06.22 08:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sage Group
[2012.06.22 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{A9EF716B-2841-4BEC-AF17-B485A1B7CD2F}
[2012.06.21 18:17:23 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 18:17:22 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 18:17:22 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 18:17:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 18:17:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 18:17:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 18:17:01 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 18:17:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.21 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{DEAFCEBA-3C96-4B78-B215-26EAECE84032}
[2012.06.21 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{6B0D771B-B491-446A-A2C0-A59C94061DE4}
[2012.06.20 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{38094B65-14CB-43D7-9BC4-F4468D782F2A}
[2012.06.20 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{3CA90309-6359-4C2F-84A0-58865C1032C9}
[2012.06.19 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{8EB5FBC3-5883-4AC3-A574-0B59985636F5}
[2012.06.19 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{87D02B1F-181C-4829-8817-B88859E3F3FD}
[2012.06.18 17:34:16 | 000,000,000 | ---D | C] -- C:\Users\Gavin\Desktop\Reventa
[2012.06.18 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{692591E4-5D78-413F-9ABA-71CBEE8F4D36}
[2012.06.18 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{9093920B-4E47-416A-8F31-2335C52D7E5C}
[2012.06.17 15:20:24 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{EE335579-3949-44EF-9F7E-85E69E9A23DA}
[2012.06.17 03:20:24 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{BC45738B-8F3F-419C-AD97-529C73E522C4}
[2012.06.16 15:20:50 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{28E8CEE0-8D68-43A4-9654-8BCFA606A7C3}
[2012.06.16 03:20:50 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{2A5A39ED-6CBF-4D5F-9976-5049F4A2A7E8}
[2012.06.15 15:20:50 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{27B43B6C-9D29-4218-87D2-C3339742DC55}
[2012.06.15 03:20:50 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{9EA3C008-B396-44EC-9F9C-4E7FDE7D35E3}
[2012.06.14 15:20:50 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{C7AC7F5F-DEF4-44E5-B060-741B96445CFC}
[2012.06.14 12:32:07 | 000,000,000 | ---D | C] -- C:\Users\Gavin\Desktop\Florida 2012
[2012.06.14 03:20:50 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{BAB5DAC3-4C12-4B1A-9114-6E32FF8E7C76}
[2012.06.13 15:20:52 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{E746EC13-FDB3-49D5-A7CE-5888503191F5}
[2012.06.13 03:00:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 03:00:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 03:00:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 03:00:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 03:00:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 03:00:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 03:00:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 03:00:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 03:00:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 03:00:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 03:00:26 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 03:00:26 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 03:00:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 01:52:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 01:52:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 01:52:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 01:52:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 01:52:44 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 01:52:43 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 01:52:35 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 01:52:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 01:52:27 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.11 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{A4021844-5273-48DD-B751-AD44DF13BF72}
[2012.06.11 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{C59FC4C8-7A49-4EE7-987B-94BD1AB8C700}
[2012.06.10 12:55:04 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{1DA55026-3AEA-4725-BDFF-2FF73814659E}
[2012.06.10 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{5B5DE58E-E4B9-4EC5-92F7-372222456992}
[2012.06.09 12:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{FF921F6F-48D6-4870-B5E6-694D91D54A24}
[2012.06.09 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{07C4BDF1-C84E-472A-BA54-F8B82D58061F}
[2012.06.08 12:55:04 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{217ACC7E-626C-455C-84DA-CCD48A1BF82C}
[2012.06.08 00:55:04 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{70E0C773-A3D8-4BDE-A4E3-3CD5BA1B4AA6}
[2012.06.07 12:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{53788067-35CE-4917-9CD1-B739695C51A4}
[2012.06.07 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{4B45B4E3-77BB-475E-8A4F-1D2C60CCEB2C}
[2012.06.06 12:55:04 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{D364C0C2-72BD-4DB7-9F3F-78516F1C7431}
[2012.06.06 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{6F0A2D85-010C-442D-BD00-CEF770140593}
[2012.06.05 12:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{5B0AC3F2-D0FE-4312-891A-BCA8998CE1C5}
[2012.06.05 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{D414E000-7151-4444-851A-6F5597FA0362}
[2012.06.04 12:55:03 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{FC50FA02-87B8-4CA9-850B-348EE9EA8CB1}
[2012.06.04 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{7B6EEF99-BCC0-45D3-8AD5-AC39FDC3A28B}
[2012.06.03 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{DD3BBC5A-33E1-4F14-990E-68EA8964C828}
[2012.06.03 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{909698BF-2CED-4A95-9A3B-370112C8E1D5}
[2012.06.02 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{B4F08B44-E497-409B-98CE-65C07F5A97DB}
[2012.06.02 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{908F3C88-E2EA-498B-A6A7-C27AD85D6BB7}
[2012.06.01 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{F7A64EB2-0EC6-46B0-B559-6E1F20E4E1E3}
[2012.06.01 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{6D36558F-09DD-4D8E-AF62-544BCB66BAEF}
[2012.05.31 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{DDF2785C-565E-4646-9974-CA2CB4F6ABB0}
[2012.05.31 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{626C7A24-37CB-4111-8B0E-06567BF1379E}
[2012.05.30 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{70F12228-3DAC-4552-B06A-25F2998C760C}
[2012.05.30 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{7A8DAEBC-FE8C-469D-9170-E691E9788922}
[2012.05.29 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{DA86A983-26FA-4EDC-9FEC-301C9287676B}
[2012.05.29 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Gavin\AppData\Local\{22FADA8C-4976-49C3-AF20-A86BFF021BDA}
[1 C:\Users\Gavin\Documents\*.tmp files -> C:\Users\Gavin\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.06.27 20:30:57 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.27 20:30:57 | 000,698,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.27 20:30:57 | 000,654,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.27 20:30:57 | 000,148,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.27 20:30:57 | 000,121,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.27 20:30:25 | 000,025,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 20:30:25 | 000,025,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 20:28:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.27 20:28:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.27 20:25:25 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.06.27 20:24:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.06.27 20:24:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.27 20:24:24 | 3890,388,990 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.27 20:12:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-248049878-2632183135-414087019-1000UA.job
[2012.06.27 18:42:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 18:39:27 | 000,000,278 | ---- | M] () -- C:\Users\Gavin\Desktop\rk-proxy.reg
[2012.06.27 18:38:20 | 001,012,656 | ---- | M] () -- C:\Users\Gavin\Desktop\rkill.com
[2012.06.27 17:46:22 | 001,324,869 | ---- | M] () -- C:\Users\Gavin\Desktop\Ultramar Wandplaner2013a.cdr
[2012.06.27 17:25:14 | 000,028,211 | ---- | M] () -- C:\Users\Gavin\Desktop\Schnappband.jpg
[2012.06.27 13:02:17 | 000,097,941 | ---- | M] () -- C:\Users\Gavin\Desktop\LI201206_0171 27.06.pdf
[2012.06.27 13:00:44 | 001,414,662 | ---- | M] () -- C:\Users\Gavin\Desktop\Kennzeichenhalter.pdf
[2012.06.27 12:54:16 | 000,277,536 | ---- | M] () -- C:\Users\Gavin\Desktop\Kennzeichen_Huelsta.eps
[2012.06.27 09:39:21 | 000,089,869 | ---- | M] () -- C:\Users\Gavin\Desktop\Bestellung - Interhydraulik 27.06.12.pdf
[2012.06.27 09:36:00 | 000,098,141 | ---- | M] () -- C:\Users\Gavin\Desktop\LI201206_0169 27.06.pdf
[2012.06.27 09:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-248049878-2632183135-414087019-1000Core.job
[2012.06.26 15:35:38 | 000,388,894 | ---- | M] () -- C:\Users\Gavin\Desktop\Focus.pdf
[2012.06.25 19:14:55 | 000,090,161 | ---- | M] () -- C:\Users\Gavin\Desktop\Bestellung - Hülsta SLC 25.06.12.pdf
[2012.06.25 18:55:05 | 000,028,646 | ---- | M] () -- C:\Users\Gavin\Desktop\evolution.jpg
[2012.06.13 03:30:38 | 006,025,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 04:13:33 | 000,002,359 | ---- | M] () -- C:\Users\Gavin\Desktop\Google Chrome.lnk
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Users\Gavin\Documents\*.tmp files -> C:\Users\Gavin\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.27 18:42:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 18:39:27 | 000,000,278 | ---- | C] () -- C:\Users\Gavin\Desktop\rk-proxy.reg
[2012.06.27 18:38:16 | 001,012,656 | ---- | C] () -- C:\Users\Gavin\Desktop\rkill.com
[2012.06.27 17:46:21 | 001,324,869 | ---- | C] () -- C:\Users\Gavin\Desktop\Ultramar Wandplaner2013a.cdr
[2012.06.27 17:25:14 | 000,028,211 | ---- | C] () -- C:\Users\Gavin\Desktop\Schnappband.jpg
[2012.06.27 13:02:17 | 000,097,941 | ---- | C] () -- C:\Users\Gavin\Desktop\LI201206_0171 27.06.pdf
[2012.06.27 12:54:14 | 000,277,536 | ---- | C] () -- C:\Users\Gavin\Desktop\Kennzeichen_Huelsta.eps
[2012.06.27 09:39:21 | 000,089,869 | ---- | C] () -- C:\Users\Gavin\Desktop\Bestellung - Interhydraulik 27.06.12.pdf
[2012.06.27 09:35:59 | 000,098,141 | ---- | C] () -- C:\Users\Gavin\Desktop\LI201206_0169 27.06.pdf
[2012.06.26 15:35:05 | 000,388,894 | ---- | C] () -- C:\Users\Gavin\Desktop\Focus.pdf
[2012.06.26 12:27:50 | 001,414,662 | ---- | C] () -- C:\Users\Gavin\Desktop\Kennzeichenhalter.pdf
[2012.06.25 19:14:55 | 000,090,161 | ---- | C] () -- C:\Users\Gavin\Desktop\Bestellung - Hülsta SLC 25.06.12.pdf
[2012.06.25 18:55:08 | 000,028,646 | ---- | C] () -- C:\Users\Gavin\Desktop\evolution.jpg
[2012.01.16 10:27:14 | 000,099,840 | ---- | C] () -- C:\Windows\IMGMSGMO.dll
[2011.12.16 14:59:39 | 000,000,600 | ---- | C] () -- C:\Users\Gavin\AppData\Roaming\winscp.rnd
[2011.09.15 09:36:52 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2011.09.15 09:36:51 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.09.15 09:36:51 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.09.15 01:30:31 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.15 01:28:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.15 01:18:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.15 00:08:50 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.09.15 00:08:43 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2011.09.15 00:08:43 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2011.09.14 22:19:25 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.14 21:26:09 | 000,001,067 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.06.15 11:57:00 | 000,056,262 | ---- | C] () -- C:\Users\Gavin\test3.pdf
[2007.11.21 10:58:15 | 001,406,072 | ---- | C] () -- C:\Users\Gavin\.b2log
[2006.10.13 16:16:01 | 000,008,614 | ---- | C] () -- C:\Users\Gavin\gsview32.ini
[2004.10.13 11:08:36 | 000,000,030 | ---- | C] () -- C:\Users\Gavin\Vollbackup.bks
< End of report >
| ********************************************************** OTL Extras Logfiles Quote:
OTL Extras logfile created on: 27.06.2012 20:44:14 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\XXXX\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,50 Gb Total Physical Memory | 12,85 Gb Available Physical Memory | 82,94% Memory free
30,99 Gb Paging File | 28,05 Gb Available in Paging File | 90,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 68,15 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 301,28 Gb Free Space | 88,15% Space Free | Partition Type: NTFS
Drive E: | 345,57 Gb Total Space | 345,48 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 974,30 Mb Total Space | 530,06 Mb Free Space | 54,40% Space Free | Partition Type: FAT32
Drive L: | 1,87 Gb Total Space | 1,86 Gb Free Space | 99,68% Space Free | Partition Type: FAT
Computer Name: XXXX-PC_2011 | User Name: XXXX| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02054006-245A-40EB-AD9D-F7CE6447B3ED}" = lport=445 | protocol=6 | dir=in | app=system |
"{047ACBD4-E8CE-432C-A93A-F5D0E0164768}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0664D5AD-FFB7-4B53-88DE-1F5BA69A6CA4}" = lport=138 | protocol=17 | dir=in | app=system |
"{07D41045-4FEB-41A8-AB73-4A81275986FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C18BBA9-2103-4A49-BF7B-FE4D2BA384A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{209D7C7D-1529-40EA-B09B-EDC1796CADC7}" = rport=137 | protocol=17 | dir=out | app=system |
"{26F0F2C5-78EC-477F-88C6-55E11E4D329F}" = rport=138 | protocol=17 | dir=out | app=system |
"{27A80064-7AD8-4C75-BBA5-2EC3DA47B56F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2EB3FBD1-16A4-4164-B5C4-B676B8CAF6AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F5A5713-BBBA-4A54-8A8D-1C39995B23CC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{31CA8475-42C3-4AEA-AA93-0C0B523B1D8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3337EB97-B75E-4659-AFFC-2D61BDD17844}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{382C3CF3-371D-4CD8-8B0C-7A888FBE9A57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46D318EA-1134-4CEB-8AC8-5CFB693BE8CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5519F79A-81B1-4CB0-83CE-013633DB2629}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{583F1239-4C97-407D-88AE-73C5B7EF1979}" = lport=3389 | protocol=6 | dir=in | app=system |
"{7928E719-9E1E-48D4-BE17-8E7386492866}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A7B1907-481B-4176-96C2-D447D073EDE5}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F09FA20-172C-43DE-B138-20F215787B84}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8BB9AA74-30D6-4627-9CD7-FEA47C35512B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CE841A1-64E4-4258-B328-1BDB27356B74}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{9CAFC70F-EB0E-4E6F-8D45-2D8B9B3BA29D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D2576B2-DA5C-4248-97EB-5153B723E0EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EA7E845-42E0-45A1-8198-47FD59548E73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A00490D4-8539-448A-B34C-0DC0FE99B296}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6663D7A-6A5C-409D-BDB2-D4DD3430B743}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A6DF0F3E-D069-4BF8-AADE-7935408ACF58}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC4597E4-E00B-4773-AF0D-80034F52560E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C09A4D08-F68F-423C-9FD5-27AB348AACFA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D223E4BC-38FB-4C2A-9A03-D0FB7BD4F4B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{D84977C5-2420-4FE3-B8E1-52D83A69B909}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DBC53146-75FE-4D93-9D5C-B75D464BF440}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3919BBF-E88D-411F-844E-05DFD9D5E40A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E45B8DF1-4B01-495E-BCA1-1814CC600C14}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{F3B01189-5B26-4471-92B6-5AED653ED3AC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FBBCE6A3-A0B2-49A7-9500-68FC1EC8D335}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEBA85A5-393F-46D0-9BC4-82B8B9CCE07E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09074807-7934-4C58-8553-A82C40C05377}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14FA7651-44BD-46F8-B364-506388FE89A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{16DA7E0C-60E5-421E-8448-5BB76916B80F}" = protocol=6 | dir=out | app=system |
"{1B5511BF-6623-483A-B697-45DE3C3AB142}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{1C28EF5F-4C70-4ACB-A440-BA9D550E7253}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{201EC086-ACED-4968-878E-4B3A40737077}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{26B1E489-69BE-4532-A320-50087ABDCFD2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29F76A8C-7598-4367-9601-B99907681F8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D715C9C-60BF-4CFA-B665-610F2E336ACE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{3B4E3928-30C1-4740-8F31-B1D03EBF0627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47089B6A-DEA5-4A5D-B8CD-ADE22EA93946}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{475018F6-7705-477F-9701-CCA5E7B058DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A3016BF-9DC5-4E06-9132-11837CFF67D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52767B7F-D1C6-49FC-98F6-0205C174076F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{52AF5D90-5196-4219-A68E-0B69276B2503}" = protocol=6 | dir=in | app=c:\program files (x86)\sage\sagedb 5.0\bin\mysqld-nt.exe |
"{5310A20D-78F0-40CC-BC72-8150E4F1227C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{58EB8B67-DC72-4A71-8EDF-6C6027A4C83B}" = protocol=6 | dir=out | app=c:\program files (x86)\sage\gsauftrag\gsauftrag.exe |
"{635637B8-B9EF-4BC4-9EF5-BF509B62D7B0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{65F66FAE-41ED-4958-9D0F-9B2DDE1C5E80}" = protocol=6 | dir=out | app=c:\program files (x86)\sage\gsauftrag\gsauftrag.exe |
"{6D05B032-4F57-4805-B38A-BB99F0B81823}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F06349B-8D77-438E-85A5-CA5D55A91DA5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73F9D020-B422-40D0-9847-BBEC26482FC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{769B185A-8673-4AAA-84A8-EA6C34DDDF72}" = protocol=6 | dir=out | app=c:\program files (x86)\sage\gsadressen\gsadressen.exe |
"{7E8F263C-0086-44BF-B211-BE67DD8D0326}" = protocol=6 | dir=in | app=c:\program files (x86)\sage\sagedb 5.0\bin\mysqld-nt.exe |
"{83A6A472-82EF-4729-8F85-2047DDC30D12}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{845F1586-949D-45B1-88B6-3ECB10F58EEC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86844BCB-861C-4E84-A41F-64F0006D3C84}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8B2EDC41-6718-40EA-8F8D-AD52BD971775}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9E86544F-108F-4A59-953A-16C9E472DAF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EFF3E24-1531-4BA1-BCED-404F7640870D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9FB53331-5487-4564-A0CA-1EF3A5E7F46B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0739CB6-4CD8-47DE-A0A4-B0F166531601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1A1F52F-81C8-41ED-BF4A-8689865ADD80}" = protocol=6 | dir=out | app=c:\program files (x86)\sage\gsadressen\gsadressen.exe |
"{A9FC10CA-E98A-4E92-8C79-CCF974E4C460}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{AD1B540D-5CF6-44D8-B4D8-F77AF3603CAB}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{AD82B2A3-0B4E-4B54-852B-AC5501485333}" = protocol=6 | dir=out | app=c:\program files (x86)\sage\gsadressen\gsadressen.exe |
"{B1B5AF76-956C-492F-832F-EF8B3F513420}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0603B90-3325-490B-8E57-D4D2A040C544}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C5E06B7F-0D05-46A8-AD50-8E3B87360E13}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{CD3897D0-D11A-4139-8700-002E4D0474A4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E61E9216-15C4-4BA4-86D3-CAC5775F9AD8}" = protocol=6 | dir=in | app=c:\program files (x86)\sage\sagedb 5.0\bin\mysqld-nt.exe |
"{F25EE33E-577F-418C-8217-6071F924655B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F30918F7-CCE7-41C5-829C-9EC585DA3EDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4F1A4B7-C686-4D01-AD37-DAE89CD6DDB5}" = protocol=6 | dir=in | app=c:\program files (x86)\sage\sagedb 5.0\bin\mysqld-nt.exe |
"{F6AF5DFA-1F4B-43DD-BE47-7837BF1EE216}" = protocol=6 | dir=in | app=c:\program files (x86)\sage\sagedb 5.0\bin\mysqld-nt.exe |
"{FB421D77-AD14-4237-AB77-73D1B3A239A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FC1D2025-1528-4C57-A419-7226EC8C39AE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{1C9EB9DC-47B9-4522-973E-929F9D31DEA8}C:\program files (x86)\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pdf editor\pdfedit.exe |
"TCP Query User{972BD0FC-BD73-48B6-8439-DDBDC28A1962}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{BBE1A6EE-71B8-4059-8574-7081D52699F0}\\server\netzlaufwerk\netzlaufwerk\1 gavin\transfer\foxit software\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=\\server\netzlaufwerk\netzlaufwerk\1 gavin\transfer\foxit software\pdf editor\pdfedit.exe |
"TCP Query User{F2FBF9A8-E76D-453D-AD98-59345BC42CEC}C:\program files (x86)\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pdf editor\pdfedit.exe |
"UDP Query User{AD91DC32-DDB8-4191-958A-3083A60266CD}\\server\netzlaufwerk\netzlaufwerk\1 gavin\transfer\foxit software\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=\\server\netzlaufwerk\netzlaufwerk\1 gavin\transfer\foxit software\pdf editor\pdfedit.exe |
"UDP Query User{CC800296-5BB9-4720-991D-2E1E8225AD07}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{DBBEE03F-5357-4A15-BE8B-8680E853C906}C:\program files (x86)\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pdf editor\pdfedit.exe |
"UDP Query User{ECBDEF9C-5F27-49C0-93AA-E40A1CF681D7}C:\program files (x86)\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pdf editor\pdfedit.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{2E415339-7210-4A3B-84EA-E50FE7565F0D}" = gs_x64
"{2F592033-5008-4011-8CC1-7F57531BDE5F}" = eDocPrintPro v3.17.5
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{217B8A26-B479-4361-8771-57E323D6F991}" = EtikettenAssistent 4.1
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2C50AD43-5423-4FB2-9BE8-456456A03D1D}" = Sage BankCom
"{32BFD212-A55E-4D1A-9E42-DB3764B761B8}" = Sage HBCI-Kontaktverwaltung
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{418D77E2-7B60-48F8-B016-30A32699EE74}" = Splashtop Connect IE
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9480CCD5-BB18-4DF3-AB18-04198B30DD62}" = DELISprint
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FEF7E-50C4-4FC5-8DCD-9F6719B5E49D}" = TEC-IT Barcode Studio 12.1
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E21D37-B157-4245-9C33-179628C47847}" = CorelDRAW Graphics Suite X5 - Premium Fonts
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{BFF5CBD2-4D16-4908-864C-50BA5C10CCD1}" = Sage BankCom
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"6D7E910F-716D-41E2-98A4-29691C352C1A_is1" = Lookeen Version 3.7.3.4482
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bamboo Dock" = Bamboo Dock
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DynUpdater" = Dyn Updater
"ESET Online Scanner" = ESET Online Scanner v3
"Fences" = Fences
"Foxit Reader_is1" = Foxit Reader 5.0
"HandBrake" = HandBrake 0.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Natt-Mietnebenkostenrechner 1.1.7" = Natt-Mietnebenkostenrechner 1.1.7
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Outlook Attachment Sniffer_is1" = Outlook Attachment Sniffer 5.0.1.3
"PSPad editor_is1" = PSPad editor
"Sage GS-Adressen" = Sage GS-Adressen
"Sage GS-Auftrag" = Sage GS-Auftrag
"SageDB 5.0" = SageDB 5.0
"softOSD Client" = softOSD Client (Build 1445)
"TeamViewer 7" = TeamViewer 7
"tksuite_tksuite_basic" = AGFEO TK-Suite Basic 3
"VirtualCloneDrive" = VirtualCloneDrive
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"Zebra Font Downloader_is1" = Zebra Font Downloader ========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.06.2012 09:50:43 | Computer Name = Gavin-PC_2011 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6117.5001,
Zeitstempel: 0x4f3e2d20 Name des fehlerhaften Moduls: mspst32.dll, Version: 14.0.6117.5000,
Zeitstempel: 0x4f33adc5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003a8f6 ID des fehlerhaften
Prozesses: 0x1c94 Startzeit der fehlerhaften Anwendung: 0x01cd506fa6758675 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Pfad
des fehlerhaften Moduls: c:\progra~2\micros~1\office14\mspst32.dll Berichtskennung:
96be4fb1-be03-11e1-b793-50e54964d63c
Error - 25.06.2012 15:43:41 | Computer Name = Gavin-PC_2011 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
Error - 25.06.2012 20:41:59 | Computer Name = Gavin-PC_2011 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
Error - 27.06.2012 08:15:53 | Computer Name = Gavin-PC_2011 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
Error - 27.06.2012 12:05:57 | Computer Name = Gavin-PC_2011 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gavin\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27.06.2012 12:06:02 | Computer Name = Gavin-PC_2011 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gavin\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27.06.2012 12:06:02 | Computer Name = Gavin-PC_2011 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gavin\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27.06.2012 12:06:10 | Computer Name = Gavin-PC_2011 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gavin\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27.06.2012 14:05:13 | Computer Name = Gavin-PC_2011 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
Error - 27.06.2012 14:20:51 | Computer Name = Gavin-PC_2011 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gavin\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 30.03.2012 04:59:07 | Computer Name = Gavin-PC_2011 | Source = SCardSvr | ID = 610
Description =
Error - 30.03.2012 04:59:26 | Computer Name = Gavin-PC_2011 | Source = SCardSvr | ID = 610
Description =
Error - 30.03.2012 09:27:37 | Computer Name = Gavin-PC_2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR7 gefunden.
Error - 30.03.2012 09:27:38 | Computer Name = Gavin-PC_2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR7 gefunden.
Error - 30.03.2012 09:27:38 | Computer Name = Gavin-PC_2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR7 gefunden.
Error - 02.04.2012 02:39:53 | Computer Name = Gavin-PC_2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR8 gefunden.
Error - 02.04.2012 02:39:53 | Computer Name = Gavin-PC_2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR8 gefunden.
Error - 02.04.2012 02:39:54 | Computer Name = Gavin-PC_2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR8 gefunden.
Error - 02.04.2012 02:39:54 | Computer Name = Gavin-PC_2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR8 gefunden.
Error - 02.04.2012 04:07:10 | Computer Name = Gavin-PC_2011 | Source = SCardSvr | ID = 610
Description =
< End of report >
| ********************************************************
ESET quote:
C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application