| |
| |||||||
Log-Analyse und Auswertung: McAffee deaktiviert den Echtzeit-ScanWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.10.2012, 17:34
| #1 |
| |  McAffee deaktiviert den Echtzeit-Scan Hallo, ich hab seit gestern das Problem das mein McAffee den Echtzeit-Scann andauernt deaktiviert und sich mein Windows nach ungefähr einer halben Minute im normalen Modus komplett aufhängt (Strg/Alt/Entf funktioniert auch nicht mehr). Im Abgesicherten Modus kommt zwar auch die Nachicht das der Echtzeit-Scan deaktiviert wurde Windows stürtzt aber nicht ab! Ich hab mir Malewarebytes und OTL heruntergeladen und den Laptop gescannt. Malewarebytes hatte mehrere infizierete Datein entdeckt, was glaub ich kein gutes Zeichen ist  Was Jetzt??? Malewarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.07.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** ::***s-NOTEBOOK [Administrator] Schutz: Deaktiviert 07.10.2012 19:38:41 mbam-log-2012-10-07 (19-38-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224885 Laufzeit: 5 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Defender (Trojan.Agent) -> Daten: C:\Users\***\AppData\Local\Temp\svchost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\***\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\Users\***\AppData\Roaming\rundll32.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\dclogs\2012-08-03-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\dclogs\2012-08-04-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\dclogs\2012-08-05-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\dclogs\2012-08-06-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 08.10.2012 17:47:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 67,31% Memory free 7,36 Gb Paging File | 6,18 Gb Available in Paging File | 84,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 319,47 Gb Free Space | 70,58% Space Free | Partition Type: NTFS Computer Name: ***S-NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MBAMService) -- C:\Eigene Datein\Anwendungen\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Eigene Datein\Anwendungen\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TuneUp.UtilitiesSvc) -- C:\Eigene Datein\Anwendungen\TuneUp\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (MOBKbackup) -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (NessusMp60) -- C:\Windows\SysNative\drivers\NessusMp60.sys (Tenable Network Security, Inc.) DRV:64bit: - (NessusSp60) -- C:\Windows\SysNative\drivers\NessusSp60.sys (Tenable Network Security, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (FSProFilter) -- C:\Windows\SysNative\drivers\FSPFltd.sys (FSPro Labs) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek) DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek) DRV:64bit: - (SaiK0CC3) -- C:\Windows\SysNative\drivers\SaiK0CC3.sys (Saitek) DRV:64bit: - (SaiU0CC3) -- C:\Windows\SysNative\drivers\SaiU0CC3.sys (Saitek) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (MOBKFilter) -- C:\Windows\SysNative\drivers\MOBK.sys (Mozy, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Eigene Datein\Anwendungen\TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{3885896D-F126-44FC-8505-83E0AAE80379}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "www.yahoo.de" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0 FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3 FF - prefs.js..extensions.enabledAddons: info@djzig.com:2.0.6 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10013&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Anwendungen\Musik\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Eigene Datein\Anwendungen\VLC Media Power\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.28 12:50:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{59d42255-7f9c-49e5-8e68-a5fd16d06d76}: C:\Eigene Datein\Anwendungen\KeyLemon\extension\{59d42255-7f9c-49e5-8e68-a5fd16d06d76} [2012.10.06 13:18:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Eigene Datein\Anwendungen\Mozilla Firefox\components [2012.09.09 16:19:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Eigene Datein\Anwendungen\Mozilla Thunderbird\components [2012.05.25 16:46:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.09.28 23:04:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Eigene Datein\Anwendungen\Mozilla Firefox\components [2012.09.09 16:19:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Eigene Datein\Anwendungen\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Eigene Datein\Anwendungen\Mozilla Thunderbird\components [2012.05.25 16:46:18 | 000,000,000 | ---D | M] [2011.04.09 20:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.04.09 20:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.06 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cuqc81qk.default\extensions [2012.08.22 12:55:54 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cuqc81qk.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} [2012.04.19 18:44:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cuqc81qk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.25 17:05:24 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cuqc81qk.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66} [2012.09.17 15:50:39 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cuqc81qk.default\extensions\info@djzig.com [2012.10.06 12:53:56 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cuqc81qk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.03.29 17:45:00 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cuqc81qk.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012.05.01 18:32:40 | 000,000,931 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cuqc81qk.default\searchplugins\conduit.xml [2012.10.06 12:53:44 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cuqc81qk.default\searchplugins\sweetim.xml [2012.06.25 16:48:20 | 000,000,000 | ---D | M] (Java Console) -- C:\EIGENE DATEIN\ANWENDUNGEN\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.28 12:50:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR O1 HOSTS File: ([2012.06.24 15:03:48 | 000,001,535 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O1 - Hosts: 127.0.0.1 www.google-analytics.com O1 - Hosts: 127.0.0.1 google-analytics.com O1 - Hosts: 127.0.0.1 secure.tune-up.com O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (no name) - {8DA04D15-6AB2-4E6F-95EB-E53B59F84001} - No CLSID value found. O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [KeyLemon LemonScreen] C:\Eigene Datein\Anwendungen\KeyLemon\KLLockEngine.exe () O4:64bit: - HKLM..\Run: [KeyLemon Updater] C:\Eigene Datein\Anwendungen\KeyLemon\KLUpdater.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Anwendungen\Musik\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Eigene Datein\Anwendungen\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC802829-AEDA-4607-99CB-DE19C162D7FF}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\dropbox.exe: Debugger - C:\Eigene Datein\Anwendungen\TuneUp\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\htcupctloader.exe: Debugger - C:\Eigene Datein\Anwendungen\TuneUp\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Eigene Datein\Anwendungen\TuneUp\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\dropbox.exe: Debugger - C:\Eigene Datein\Anwendungen\TuneUp\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\htcupctloader.exe: Debugger - C:\Eigene Datein\Anwendungen\TuneUp\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Eigene Datein\Anwendungen\TuneUp\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4f113c65-74fa-11e1-b798-1c75083468e7}\Shell - "" = AutoRun O33 - MountPoints2\{4f113c65-74fa-11e1-b798-1c75083468e7}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\_aom.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.08 17:40:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.08 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2012.10.08 17:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.10.06 14:06:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\YourFileDownloader [2012.10.06 13:19:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\KeyLemon [2012.10.06 13:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\KeyLemon [2012.10.06 12:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.10.06 12:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012.09.28 20:29:38 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys [2012.09.28 20:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2012.09.26 13:33:14 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.21 22:37:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.21 22:37:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.21 22:37:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.21 22:37:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.21 22:37:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.21 22:37:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.21 22:37:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.21 22:37:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.21 22:37:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.21 22:37:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.21 22:37:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.21 22:37:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.21 22:37:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.21 22:37:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.21 22:37:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.17 18:21:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LucasArts [2012.09.17 16:42:54 | 277,211,112 | ---- | C] (Cyanide ) -- C:\Users\***\Documents\AGOT-patch-1.3.0.0-ALL.exe [2012.09.17 16:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2012.09.17 13:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.17 13:57:25 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.09.17 13:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.17 13:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.17 13:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.09.12 13:26:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rndismpx.sys [2012.09.12 13:26:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 13:26:25 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 13:26:23 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 13:26:23 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.09 16:45:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TIPP10 [2012.09.09 16:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10 [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.08 17:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.08 17:40:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.08 17:38:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 19:40:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 19:40:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 19:17:20 | 000,011,557 | ---- | M] () -- C:\Users\***\Desktop\Klausuren-Jahresplan1213.pdf [2012.10.07 00:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.07 00:00:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.02 16:42:55 | 001,527,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.02 16:42:55 | 000,664,868 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.02 16:42:55 | 000,625,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.02 16:42:55 | 000,135,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.02 16:42:55 | 000,110,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.28 20:14:57 | 000,009,728 | ---- | M] () -- C:\Users\***\Desktop\Fachschaft sport 1te FK.wps [2012.09.23 18:05:58 | 004,864,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.22 20:12:05 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.09.21 19:15:30 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.09.21 19:15:30 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.19 14:31:01 | 000,000,317 | ---- | M] () -- C:\Users\***\.dsa4.properties [2012.09.17 16:47:42 | 277,211,112 | ---- | M] (Cyanide ) -- C:\Users\***\Documents\AGOT-patch-1.3.0.0-ALL.exe [2012.09.17 13:57:29 | 000,001,619 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.11 19:34:47 | 000,043,704 | ---- | M] () -- C:\Users\***\Desktop\Tauchtheorie_nur_ABC.pdf [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.07 19:17:20 | 000,011,557 | ---- | C] () -- C:\Users\***\Desktop\Klausuren-Jahresplan1213.pdf [2012.09.28 20:14:49 | 000,009,728 | ---- | C] () -- C:\Users\***\Desktop\Fachschaft sport 1te FK.wps [2012.09.23 18:31:48 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2012.09.22 20:12:05 | 000,002,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012.09.22 20:12:05 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012.09.17 13:57:29 | 000,001,619 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.08.10 23:52:00 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.06.15 18:35:35 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2012.06.01 21:53:20 | 000,100,600 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.05.05 21:38:59 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2012.04.19 18:11:29 | 000,002,304 | ---- | C] () -- C:\Users\***\.heldEinstellungen4_1.xml [2012.04.19 18:11:29 | 000,000,317 | ---- | C] () -- C:\Users\***\.dsa4.properties [2012.04.06 17:41:50 | 000,001,795 | ---- | C] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT [2012.03.22 19:44:06 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history [2012.02.12 21:55:10 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.02.12 21:55:10 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.02.12 21:54:51 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.02.12 21:54:00 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe [2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.11.24 18:24:00 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.11.20 15:53:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{22BAAAE9-6EE4-494E-845B-6C0BD9711032} [2011.11.18 19:08:49 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{D26E42B9-FF2C-4BAE-B8F6-A6604F808D2C} [2011.11.16 16:33:19 | 000,000,101 | ---- | C] () -- C:\Windows\SAPReg.ini [2011.11.16 16:20:46 | 000,000,023 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat [2011.11.16 16:20:29 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll [2011.11.16 16:18:09 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\fldlckun.exe [2011.10.12 20:39:47 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.10 18:30:51 | 000,000,043 | ---- | C] () -- C:\Windows\FFS20ChtReg.ini [2011.09.30 18:12:50 | 000,041,153 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin [2011.09.15 20:43:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{A522A976-60EA-4884-A733-95C4A3554BEB} [2011.09.15 20:03:19 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{7D6F971B-F8F3-4EB5-87F2-E6CABDFC3563} [2011.09.15 19:02:18 | 000,280,976 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.15 19:02:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.02 21:18:05 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B519FAE9-B3F6-4A11-B4E3-57F21D011917} [2011.06.23 19:52:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.06.23 19:35:14 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.05.28 14:12:12 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.05.05 13:51:10 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{5DFB7DF0-9F96-4C19-9E12-53DCF685E2F1} [2011.05.04 16:40:38 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.04.18 15:05:22 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.14 18:18:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.04.09 19:45:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8 @Alternate Data Stream - 1135 bytes -> C:\ProgramData\Microsoft:zvXbzpkcsHfZDTLtX7Ia1FbcNj @Alternate Data Stream - 1033 bytes -> C:\ProgramData\Microsoft:NxQSiFSsMa8R7jgZrh @Alternate Data Stream - 1005 bytes -> C:\Program Files\Common Files\System:CRTwMaUwcbY6GVKSNFKwDfQ < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.10.2012 17:47:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 67,31% Memory free
7,36 Gb Paging File | 6,18 Gb Available in Paging File | 84,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 319,47 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
Computer Name:***S-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Eigene Datein\Anwendungen\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Eigene Datein\Anwendungen\VLC Media Power\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Eigene Datein\Anwendungen\Adobe Premiere Pro\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Eigene Datein\Anwendungen\VLC Media Power\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Eigene Datein\Anwendungen\VLC Media Power\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Eigene Datein\Anwendungen\Adobe Premiere Pro\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Eigene Datein\Anwendungen\VLC Media Power\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B435CA-7575-495F-B4CF-CCCB9C3FCEF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0232DA3A-24B6-4A5A-9C4C-8231BFBE75E1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15D64D5A-5F23-4DD4-85B5-0BC3253857F7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1C6C1E97-F382-438A-9405-6BE10E1ED79A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2060268A-58CB-4CE6-B591-37685F29AB15}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{329E6606-078E-4A2F-B836-1D781ADE8509}" = lport=2869 | protocol=6 | dir=in | app=system |
"{374A62A7-E019-40A4-86EF-5F0B15EC0AA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3ECD52F3-46A4-46DE-92E1-48F94B02A070}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{56744779-C764-48DE-86EE-395626F40A14}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5AFB506B-297B-4E0D-B042-F779459BC611}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5B303209-BA52-4D36-B458-AF52901922B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B647C21-DC1D-48E0-9C0B-EDBDFE5D29A4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{69DF6829-3FF0-4CBA-A729-306B7E1F95D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{738F2C62-8416-43C2-81F8-3A754BC7A1E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BE1AA2B-CB87-4122-BE7F-04C2424D360C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C323E41-BF77-4520-B8A8-9CF0AC8E6913}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FC76F3B-F36C-493D-8BA0-D68EDEC33F38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80CFA653-2956-41B4-BC41-6A3055261603}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80D1C8AF-72B3-4229-A2BD-F9795AABDDB9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{87B69F36-31C6-4CB3-A419-DD13C32538DC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8A0D5F14-2D10-4453-8215-429A7E13B5E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{966DD86F-F30C-493D-AED5-8E314F8165DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B9532DE-502E-48F1-8D16-6CD57B5F82CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BF9B694-1964-4040-ADD2-37D694D26920}" = lport=445 | protocol=6 | dir=in | app=system |
"{9DA0096D-921B-482A-AD0C-35270ACD2EFC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A9DED692-B4F0-4617-B433-96D6BB55FA64}" = rport=137 | protocol=17 | dir=out | app=system |
"{ABFD7E3E-165E-4900-8E12-DBD715BEB516}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADCEBFCF-FA52-4E24-BAFB-C63FDA691AAB}" = rport=139 | protocol=6 | dir=out | app=system |
"{B232642B-404D-469F-BEFF-89857867832D}" = rport=445 | protocol=6 | dir=out | app=system |
"{B68BEEA5-10F3-469F-B7A1-D21459E6880B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC159EB9-A5FC-405A-8FE7-EB3659CB0E90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5EABDCF-EBC6-405C-BF2A-1A7DED03B940}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C62ADB73-E60D-4489-B81B-08B5BACFCB2F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C7337347-D548-4398-8537-F0064A655331}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF255BAC-92BE-4CB7-89ED-30CB7A232D72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0BB858D-0930-4FDC-BC19-E200EA61AABA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8927C08-4C61-4B5C-A47C-621E9C03D62C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBFA98DA-D9EC-46CC-AA31-CED8FF398E38}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E46532E1-E9BC-4361-8772-F31E247DAA07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F80CC323-7778-41E7-A4C6-DE9FB80BC364}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0369C8BE-CBE7-496F-9318-32B7B716F016}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{0A56F082-6256-4B54-9010-3222734AC607}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A5923B4-873B-4A93-AA9C-97B4A58EAA63}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\dragon age 2\bin_ship\dragonage2.exe |
"{0BFECAE1-46F4-4EBB-B8E0-07094D9642E8}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{0DDF194E-4DA1-4252-AB3E-345112F8A67A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0E79A960-82F0-4DAE-BE34-1DA2F19FBE02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F46ADD7-464B-4DA6-930A-D2F424D299E8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{10A97588-3A5C-410D-B239-826081511B0A}" = protocol=6 | dir=in | app=c:\anwendungen\spiele\assassins creed ii\assassinscreediigame.exe |
"{10C9EED6-1D61-461E-A823-2E04578C38F8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10EB60E5-4593-42C6-AA0A-ACEF2AC19FD2}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\stronghold\shc\stronghold crusader.exe |
"{13AEFC28-91C7-4FFA-BE68-D6F3C883D6EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1682E3E6-CEBE-464D-8D9A-FD7D6084E71A}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\acbmp.exe |
"{18AC3B1E-0747-424B-9F7B-00D1091CD43E}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{1970EF24-97D1-4B98-8C2B-EEA3AA248144}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{1B23021B-8D2A-4227-955F-9A657E11543B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1C118AB0-1EEC-4BF7-85CB-B8AA3115AF44}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1F18151F-A1A4-46A4-920C-9274BA642AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{249B4172-38CC-4AC5-8D36-791ECB2485B5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{24E1B046-B7E0-4F72-8C1D-E75DDD05C0AE}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{25CFC5B4-7FC9-4547-8735-6B16D2F49AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2610B6E0-CA35-49CD-8287-E6824754070D}" = protocol=6 | dir=in | app=e:\***\eigene datein\spiele\star wars eaw\gamedata\sweaw.exe |
"{2960EA5C-6E17-4E49-87D2-75B2FE24B5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{2B81193F-5471-4E79-B99B-26A6F5E87AF4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2BD41009-677C-4079-B84B-B16E3BCD33E7}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\acbsp.exe |
"{2D550805-D64F-464C-BB3B-728B40EE7694}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{2E99F03D-3DDB-4012-A4CA-A76299F850B8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{30643324-AAC1-480D-A626-A9AA89EF5330}" = protocol=17 | dir=in | app=c:\anwendungen\spiele\assassins creed ii\uplaybrowser.exe |
"{33A62F79-DD53-4DE5-93BB-92A873B6EDB6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{374D1114-4C17-478E-A463-37CB88BCC9AC}" = protocol=17 | dir=in | app=e:\***\eigene datein\spiele\star wars eaw\gamedata\sweaw.exe |
"{377272F6-1380-492D-96CA-2619700EB4C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38AAC042-414C-467E-850C-55E90A17EC69}" = protocol=17 | dir=in | app=g:\***\eigene datein\spiele\game of thrones\game of thrones\binaries\win32\shippingpc-agotgame.exe |
"{3B525F9C-8BB9-4B68-8F18-5F93CD9BDD0F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{40028EC8-CF09-4C17-A892-A762B1F688A5}" = protocol=6 | dir=in | app=c:\eigene datein\anwendungen\tobit radio.fx\client\rfx-client.exe |
"{41A35BD1-84CF-4429-9F5A-70B97A41876A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{423A771B-F82F-4810-984F-F6CE48BECC3E}" = protocol=6 | dir=in | app=c:\anwendungen\spiele\assassins creed ii\assassinscreedii.exe |
"{44FD24FF-F9F3-4026-B292-705A6C32E8D6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{475CEB59-55F5-4D39-A18E-435AF9F7C84E}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\assassinscreedbrotherhood.exe |
"{48261622-0E54-4814-9796-8FA2052213A3}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed ii\uplaybrowser.exe |
"{48FED9CB-A558-4795-BB5A-CCFA16FC1173}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4A1A15E8-6503-4E8E-83D9-33B1F1A4AEC0}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\uplaybrowser.exe |
"{4A845AB3-3101-4D7D-A4AF-7A8B56D6B0FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B684ABB-6140-4159-A3C3-71055FC85E31}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed ii\assassinscreedii.exe |
"{4F675661-DA30-44ED-BFB7-4AFEFB6E61B5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{53E340AC-39FA-4C00-96EC-473C7ACD70D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{578ECBD5-99C0-4448-8EC5-FB080DD99ED3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{58131ABE-091F-4986-ABF8-B7C3E5A8FDBE}" = protocol=17 | dir=in | app=c:\eigene datein\anwendungen\steam\steam.exe |
"{60A8D62B-C481-4192-AC43-38237E07089D}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\acbmp.exe |
"{637A9997-CB41-46AB-ACB6-8C96FB77B48C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{657B8D9E-B6E0-4CFB-93DE-9D6715E10800}" = protocol=17 | dir=in | app=c:\anwendungen\spiele\assassins creed ii\assassinscreedii.exe |
"{6BBF8645-C7BD-4A2B-A93B-5D5BAB7C2511}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6EF7A389-AC4C-4A41-A392-3364BD222C68}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed ii\uplaybrowser.exe |
"{7016B357-65E9-49C3-8557-0BBF11433311}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\uplaybrowser.exe |
"{70582784-2CFA-4C42-A873-8B8B22783C32}" = protocol=6 | dir=in | app=c:\eigene datein\anwendungen\steam\steam.exe |
"{712DF8B1-52D4-44F0-BAEE-58EEE3C0721D}" = protocol=6 | dir=in | app=e:\***\eigene datein\spiele\schlacht um mittelerde\game.dat |
"{73661A6B-7DEE-4844-B0D2-A0A6A071E7B6}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\stronghold\sh2\stronghold2.exe |
"{739C136C-583B-4353-89B6-EBE9C0485235}" = protocol=17 | dir=in | app=e:\***\eigene datein\spiele\schlacht um mittelerde 2\game.dat |
"{743E90F5-3B1A-4969-8B0F-B28547E82306}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{74EA4FC4-773A-4831-A322-BD6CA06EBC02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{75D9ED60-BC2F-4394-8002-74DF9CC454B7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{766AB3E3-CBAD-41E4-9B15-EC4BD093499E}" = protocol=17 | dir=in | app=g:\***\eigene datein\spiele\sacred ii\system\s2gs.exe |
"{76C0CDDA-325F-41F7-99DC-4338D957E3BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{78E6EDBB-2D06-4698-A9D7-D6121B0BF82B}" = protocol=17 | dir=in | app=c:\eigene datein\anwendungen\steam\steam.exe |
"{793B1988-AFA2-4884-BB23-DD043452A0A8}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\battle for wesnoth\bin\assassins creed\assassins creed\assassinscreed_dx10.exe |
"{79C8DFBA-07B8-4435-87F8-47A0BCB2EA30}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\battle for wesnoth\bin\assassins creed\assassins creed\assassinscreed_launcher.exe |
"{7B7E119E-9E40-4245-9A65-8AF67177CB4F}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7C2FAA82-10D8-4FBA-A9A7-2CD786366C84}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{800D7E24-4459-4AC5-A821-356E3BB740C9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8652FACC-E013-4C16-920B-678EA7C90429}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{867AB388-8718-4F11-BFA9-08DBAA245C8A}" = protocol=6 | dir=in | app=g:\***\eigene datein\spiele\sacred ii\system\sacred2.exe |
"{8AB86F0A-2573-47F7-8D2F-8DD4D4027901}" = protocol=17 | dir=in | app=e:\***\eigene datein\spiele\schlacht um mittelerde\game.dat |
"{8C2223EA-FAA2-4A5D-8944-F32084D45737}" = protocol=17 | dir=in | app=g:\***\eigene datein\spiele\sacred ii\system\sacred2.exe |
"{90016310-48AE-4E08-93CC-D90654A4C1E1}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\dragon age 2\dragonage2launcher.exe |
"{930E5310-2149-412F-976E-3CC6071176AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{997DFA63-72BC-430D-9165-9A5D9264CAFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99C0632A-1367-40A9-B6E4-B91994705C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{99E339BB-C693-4F40-A863-A458EACB90F2}" = dir=in | app=c:\anwendungen\musik\itunes.exe |
"{9A07C0F6-3030-41DC-9078-EB5701A3D469}" = protocol=6 | dir=in | app=c:\anwendungen\spiele\assassins creed ii\uplaybrowser.exe |
"{9A2B2BAA-2653-436D-948C-B521A4E1BF8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A0A51635-9968-4498-B1C9-897F1F347F31}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed ii\assassinscreediigame.exe |
"{A5808B7B-A45B-426C-98F0-BB4EF90D533E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A690DD11-EFB6-43B5-9B52-7CD4F09D38D6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A73907C0-0B10-4F2D-92AB-D0EBA4949811}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A906E562-C803-447D-BA23-C64D4B4697E7}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{ADA8FCBB-2591-43B2-9617-52ACB4080489}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1861B44-20F8-4C56-807B-9D817DF7DC90}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B2AA0F96-BE30-4EA4-91AD-5C973F9D511C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B35B2FDA-DCEC-4C0B-A430-299D176BFA0A}" = protocol=6 | dir=in | app=g:\***\eigene datein\spiele\game of thrones\game of thrones\binaries\win32\shippingpc-agotgame.exe |
"{B416848B-BB99-4479-BD75-EBADC1BC51B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BD5DB0-24D8-44C2-88BC-E34C1D1F2203}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B8DD7CF9-ECB6-476A-8957-948034B297F0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BAE574D9-8D79-48A2-8C8D-A52398492875}" = protocol=6 | dir=in | app=g:\***\eigene datein\spiele\sacred ii\system\s2gs.exe |
"{BBC8B435-38B2-47E7-BD4A-3A2905B1C0E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BEFE504F-B386-42F7-894E-61A382BF5391}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{BFEA28A8-0607-4089-8C11-0F7FEBA15EBD}" = protocol=6 | dir=in | app=e:\***\eigene datein\spiele\empire earth iii\ee3.exe |
"{C0189CE5-E4D0-415B-8398-54C723671090}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\stronghold\shc\stronghold_crusader_extreme.exe |
"{C2D90FA1-A064-4E99-BA55-3C2B94F2147A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C88BC775-0398-49E3-9964-71185C41C622}" = protocol=17 | dir=in | app=e:\***\eigene datein\spiele\empire earth iii\ee3.exe |
"{CB7D83E9-38E6-4FF2-9007-652723272412}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed ii\assassinscreediigame.exe |
"{CCBA6837-973D-4962-85F2-5AC4945D1857}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{CDDA9507-A1CE-42C4-A352-331FEAAEF8DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{D021C326-7A33-426E-914F-2A224B2DCFBF}" = protocol=17 | dir=in | app=c:\eigene datein\anwendungen\tobit radio.fx\server\rfx-server.exe |
"{D175D367-810C-4C02-A3EC-B59846231289}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{D549484B-6C00-4A0C-B85C-7A583A221B96}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\battle for wesnoth\bin\assassins creed\assassins creed\assassinscreed_dx9.exe |
"{D7F91057-7159-42E0-A6AF-8035C72D2F34}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed ii\assassinscreedii.exe |
"{D83666D8-018A-42A4-85CC-67B0993DA677}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{DA3D724C-9AE6-4DD2-9D34-7F5362202600}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\dragon age 2\bin_ship\dragonage2.exe |
"{DB3AF850-930A-4B25-939E-209BF55AE9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DBEA736D-166B-4E3E-9615-A90CFE40D0E3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DDBB750E-07F8-43F1-8A91-A3826513A2C1}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\stronghold\shc\stronghold crusader.exe |
"{DEE24AAB-C7FE-49E9-9A33-57B533D0A9D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1529EC8-8BD5-40D0-9C34-9DFB8E43095D}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\stronghold\shc\stronghold_crusader_extreme.exe |
"{E2356C26-6B42-48A5-A88C-60EB8F04227C}" = protocol=6 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\assassinscreedbrotherhood.exe |
"{E335E9D6-EA0E-41F2-B779-5ED4F4BFEC4C}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\battle for wesnoth\bin\assassins creed\assassins creed\assassinscreed_dx9.exe |
"{E527B536-B9C7-44CA-A791-06A6D3E2E0F6}" = protocol=17 | dir=in | app=c:\anwendungen\spiele\assassins creed ii\assassinscreediigame.exe |
"{EA875CE7-BB81-4D94-BF3E-03170F7FF42C}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\stronghold\sh2\stronghold2.exe |
"{EE9274EE-5A42-4153-9710-95C7F6F1EBCA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EEBB78F7-4E90-406B-ADCA-9D7555F47887}" = protocol=6 | dir=out | app=system |
"{F04F200D-06DF-4873-AD9C-D7164C9F7A5A}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\battle for wesnoth\bin\assassins creed\assassins creed\assassinscreed_launcher.exe |
"{F1F5F929-9F4A-440C-8B4D-2D2DBC7CA541}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1FB95A8-15E5-45AB-A84B-DBCF65209797}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4CF1E00-95D5-4FD4-A4F1-4FD1F42E36B6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F53D0692-3C7A-42DA-AE3F-DB560B456789}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{F7F8D2D1-C5C8-4EF7-ACE9-503E9D496384}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\dragon age 2\dragonage2launcher.exe |
"{FB43C8E0-63BD-4E49-A081-8ABC45E4E583}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\zzzzspielständezzzz\assassins creed - brotherhood\assassins creed brotherhood\acbsp.exe |
"{FB452E7F-49D4-4399-9AE8-B96A07585B99}" = protocol=6 | dir=in | app=c:\eigene datein\anwendungen\tobit radio.fx\server\rfx-server.exe |
"{FBA89EB9-F626-49D8-A70F-CC8E196A7510}" = protocol=6 | dir=in | app=e:\***\eigene datein\spiele\schlacht um mittelerde 2\game.dat |
"{FCA8F57E-B6E4-45E7-9416-E09579B826DD}" = protocol=17 | dir=in | app=c:\eigene datein\spiele\battle for wesnoth\bin\assassins creed\assassins creed\assassinscreed_dx10.exe |
"{FD769896-CC1D-4712-994F-E1FC5F0F3327}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDAD8FA0-371E-462D-A512-B446B9D5BE64}" = protocol=6 | dir=in | app=c:\eigene datein\anwendungen\steam\steam.exe |
"{FDD91B32-FB72-4487-B6DA-7D3C8A00FBC6}" = protocol=17 | dir=in | app=c:\eigene datein\anwendungen\tobit radio.fx\client\rfx-client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8DE32F7E-93D8-4D9F-9449-094A883FCA0A}" = Tenable Nessus (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B0B2F7-1853-464D-B520-CA08F9CA8002}" = Smart Technology Programming Software 7.0.0.26
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"KeyLemon" = KeyLemon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2F8C3308-46DC-4431-B1C0-5C579A5CADBE}" = Joe
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{896B238F-7CFE-4952-82EB-96E63E8E67B6}" = COMPUTERBILD-Abzockschutz
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.30
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"conduitEngine" = Conduit Engine
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Drakensang_is1" = Drakensang (Patch Version 1.02)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Studio_is1" = Free Studio version 5.4.8
"Haack Weltatlas CD-ROM_is1" = Haack Weltatlas CD-ROM 1.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MSC" = McAfee Total Protection
"NVIDIA.Updatus" = NVIDIA Updatus
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"TIPP10_is1" = TIPP10 Version 2.1.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Battle for Wesnoth 1.8.6" = Battle for Wesnoth 1.8.6
"Dropbox" = Dropbox
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.05.2012 07:25:45 | Computer Name = ***S-NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 946022
Error - 26.05.2012 09:34:08 | Computer Name = ***s-Notebook | Source = VSS | ID = 8194
Description =
Error - 26.05.2012 10:18:10 | Computer Name = ***s-Notebook | Source = Windows Search Service | ID = 1019
Description =
Error - 26.05.2012 10:18:57 | Computer Name = ***s-Notebook | Source = Windows Search Service | ID = 1019
Description =
Error - 26.05.2012 16:56:47 | Computer Name = ***s-Notebook | Source = Application Hang | ID = 1002
Description = Programm FreeVideoDub.exe, Version 2.0.6.412 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 18f4 Startzeit: 01cd3b81e2bfeb43 Endzeit: 12 Anwendungspfad:
C:\Eigene Datein\Anwendungen\Free Studio\Free Studio\Free Video Dub\FreeVideoDub.exe
Berichts-ID:
4bc950f8-a775-11e1-8814-1c75083468e7
Error - 26.05.2012 16:57:29 | Computer Name = ***s-Notebook | Source = Application Error | ID = 1000
Error - 26.05.2012 17:07:16 | Computer Name = ***s-Notebook | Source = Application
Hang | ID = 1002
Description = Programm FreeVideoDub.exe, Version 2.0.6.412 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1460
Startzeit: 01cd3b8361b54b93
Endzeit: 32
Anwendungspfad: C:\Eigene Datein\Anwendungen\Free Studio\Free Studio\Free Video Dub\FreeVideoDub.exe
Berichts-ID: c2f52b97-a776-11e1-8814-1c75083468e7
Error - 26.05.2012 17:09:57 | Computer Name = ***s-Notebook | Source = Application
Error | ID = 1000
Error - 26.05.2012 17:12:38 | Computer Name = ***s-Notebook | Source = Application Error | ID = 1000
Error - 28.05.2012 04:03:03 | Computer Name = ***s-Notebook | Source = VSS | ID
= 8194
Description =
Error - 28.05.2012 09:42:13 | Computer Name = ***s-Notebook | Source = McLogEvent
| ID = 5019
Description = Exception in McShield.Exe!
Exception details follow :
VSCORE.14.4.0.387
Exception Code : 0X00000000C0000005
Exception Address : 0X0000003200200037
Exception Parameters : 2
Param 1 = 0X0000000000000008
Param 2 = 0X0000003200200037
More information :
Error - 28.05.2012 09:42:15 | Computer Name = ***s-Notebook | Source = Application
Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mcshield.exe, Version: 14.4.0.387, Zeitstempel: 0x4ee2c0e2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000003200200037
ID des fehlerhaften Prozesses: 0x858
Startzeit der fehlerhaften Anwendung: 0x01cd3ca7e465b690
Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: eed43114-a8ca-11e1-b5ce-1c75083468e7
Error encountered while reading event logs.
< End of report >
|
|
08.10.2012, 20:13
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | McAffee deaktiviert den Echtzeit-Scan Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
10.10.2012, 15:47
| #3 |
| | McAffee deaktiviert den Echtzeit-Scan Ok hab hier auch den Log vom Vollscan mit Malewarebytes und ESET.
__________________(auch meine externe Festplatte gescannt) Malewarebytes Vollscann: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.08.06 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 *** :: ***S-NOTEBOOK [Administrator] Schutz: Deaktiviert 10.10.2012 14:28:18 mbam-log-2012-10-10 (16-22-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 713965 Laufzeit: 1 Stunde(n), 53 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Eigene Datein\Anwendungen\Augart Video Converter\VideoConverter\German.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt. C:\Eigene Datein\Anwendungen\Augart Video Converter\VideoConverter\Russian.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt. E:\***\Datensicherung\2012.04.09\Anwendungen\Augart Video Converter\VideoConverter\German.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt. E:\***\Datensicherung\2012.04.09\Anwendungen\Augart Video Converter\VideoConverter\Russian.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt. E:\***\Datensicherung\2012.06.06\Anwendungen\Augart Video Converter\VideoConverter\German.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt. E:\***\Datensicherung\2012.06.06\Anwendungen\Augart Video Converter\VideoConverter\Russian.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=54213a06139eae478217800173eada7b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-09 07:24:09
# local_time=2012-10-09 09:24:09 (+0100, Mitteleuropäische Sommerzeit )
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777214 100 75 932959 2511296 0 0
# compatibility_mode=5893 16776573 100 94 351080 101429100 0 0
# compatibility_mode=8192 67108863 100 0 235 235 0 0
# scanned=503890
# found=2
# cleaned=0
# scan_time=11398
C:\Program Files (x86)\Ubisoft\Crack\sr-aciif.7z a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Ubisoft\Crack\sr-aciif\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
|
|
10.10.2012, 15:54
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | McAffee deaktiviert den Echtzeit-ScanCode:
ATTFilter C:\Program Files (x86)\Ubisoft\Crack\sr-aciif.7z
 Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu McAffee deaktiviert den Echtzeit-Scan |
| bho, bonjour, converter, dc3_fexec, error, firefox, flash player, format, home, iexplore.exe, install.exe, launch, logfile, mp3, msiexec.exe, musik, nvpciflt.sys, office 2007, phishing, photoshop, plug-in, problem, realtek, registry, rundll, security, senden, siteadvisor, sketchup, software, svchost.exe, sweetpacks, temp, usb 2.0, windows |
Linear-Darstellung
