|
Plagegeister aller Art und deren Bekämpfung: Ordner "bProtection for Windows" macht was er willWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.11.2012, 16:41 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er will Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
02.12.2012, 23:58 | #17 |
| Ordner "bProtection for Windows" macht was er will So, hab beide Scans durchgeführt. Das Ergebnis von GMER ist leider irgendwie zu lang um es in nem CODE-Tag zu posten, deshalb als Datei im Anhang.
__________________Beim Scannen mit aswMBR ist das Programm beim ersten Scan abgestürzt. Beim Scannen mit der Einstellung "AV Scan" (none) hat's dann bis zum Ende geklappt. Hier das Ergebnis: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-02 21:44:54 ----------------------------- 21:44:54.482 OS Version: Windows 6.0.6001 Service Pack 1 21:44:54.482 Number of processors: 2 586 0x170A 21:44:54.483 ComputerName: BÜRO-PC UserName: *** 21:44:56.307 Initialize success 21:45:04.418 AVAST engine defs: 12120101 21:45:30.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:45:30.732 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01117 Size: 953869MB BusType: 3 21:45:31.015 Disk 0 MBR read successfully 21:45:31.017 Disk 0 MBR scan 21:45:31.021 Disk 0 Windows VISTA default MBR code 21:45:31.026 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63 21:45:31.060 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 161792 21:45:31.163 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938429 MB offset 31619072 21:45:31.262 Disk 0 scanning sectors +1953521664 21:45:31.783 Disk 0 scanning C:\Windows\system32\drivers 21:46:21.550 Service scanning 21:46:40.221 Modules scanning 21:47:24.356 Disk 0 trace - called modules: 21:47:24.380 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 21:47:24.383 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86200520] 21:47:24.386 3 CLASSPNP.SYS[8a80c745] -> nt!IofCallDriver -> [0x85742918] 21:47:24.389 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8571c8e0] 21:47:24.392 Scan finished successfully 22:42:12.198 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 22:42:12.229 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" |
03.12.2012, 13:28 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er will Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
09.12.2012, 17:27 | #19 |
| Ordner "bProtection for Windows" macht was er will So, geschafft. Hier die Log Datei von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 12-12-07.01 - *** 09.12.2012 16:52:01.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2009 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\Mozilla Firefox\searchplugins\search.xml c:\programdata\SPL2B1.tmp c:\programdata\SPL69BA.tmp c:\programdata\SPLAA27.tmp c:\programdata\SPLE08E.tmp c:\programdata\SPLE494.tmp C:\timerintray c:\users\***\AppData\Roaming\Help\coredb\storage c:\users\***\AppData\Roaming\MSA c:\windows\unin0407.exe D:\AUTORUN.INF . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-09 bis 2012-12-09 )))))))))))))))))))))))))))))) . . 2012-12-09 16:03 . 2012-12-09 16:04 -------- d-----w- c:\users\***\AppData\Local\temp 2012-12-09 16:03 . 2012-12-09 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-08 15:56 . 2012-04-20 15:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2012-12-08 15:46 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05625C12-553F-4826-8A3E-FA903151CCB5}\mpengine.dll 2012-12-08 15:45 . 2012-12-08 15:46 -------- d-----w- C:\a11620652cd54cb7a848 2012-12-02 20:09 . 2012-12-02 20:09 -------- d-----w- c:\users\***\bProtectorForWindows 2012-12-02 19:00 . 2012-12-02 19:00 -------- d-----w- C:\bcf5bcbe93c4b8bbd8307d4f62 2012-11-29 14:21 . 2012-11-29 14:22 -------- d-----w- C:\6619f01411349f7fa75024cd067871 2012-11-24 22:34 . 2012-11-24 22:34 -------- d-----w- C:\2b2569472d675899af924504 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-31 14:10 . 2012-10-31 14:10 773968 ----a-w- c:\windows\system32\msvcr100.dll 2012-10-31 14:10 . 2012-10-31 14:10 138056 ----a-w- c:\windows\system32\atl100.dll 2012-05-19 08:13 . 2012-01-27 22:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-04-14 12:01 . 2011-06-01 22:06 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}] 2012-03-19 17:35 85288 ----a-w- c:\program files\blekkotb_020\blekkotb_019X.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440] "dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912] "dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-13 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-02-03 220744] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-07-16 165104] "DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-09-10 21:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\bprote~1\21415~1.37\protec~1.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners . 2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 01:11] . 2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 01:11] . 2012-11-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08] . 2012-11-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08] . 2012-12-09 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zy0ekmia.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_020&u=USERGUID&q= FF - ExtSQL: !HIDDEN! 2009-10-01 12:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file) HKCU-Run-avupdate - c:\users\***\AppData\Roaming\mahmud.exe HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe AddRemove-LucasArts' Monkey4 - c:\windows\unin0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-12-09 17:04 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\SecuROM\License information*] "datasecu"=hex:15,b9,70,90,f0,0f,71,a4,f1,32,fe,6b,1e,5d,f7,19,b0,2b,10,4f,ad, fa,99,d2,73,21,b8,23,4c,85,78,f2,06,fa,0e,94,22,8d,49,96,e9,82,ed,a1,71,24,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . Zeit der Fertigstellung: 2012-12-09 17:09:41 ComboFix-quarantined-files.txt 2012-12-09 16:09 . Vor Suchlauf: 20 Verzeichnis(se), 600.695.287.808 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 614.374.952.960 Bytes frei . - - End Of File - - FB54E8D50871B9CE9555C98D7C43338F Keine Probleme beim Scannen oder danach. |
09.12.2012, 18:12 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er will adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
09.12.2012, 20:26 | #21 |
| Ordner "bProtection for Windows" macht was er will Und hier das Ergebnis von adwCleaner: Code:
ATTFilter # AdwCleaner v2.011 - Datei am 09/12/2012 um 20:17:55 erstellt # Aktualisiert am 02/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # Benutzer : *** - BÜRO-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zy0ekmia.default\bprotector_extensions.sqlite Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zy0ekmia.default\bprotector_prefs.js Ordner Gefunden : C:\ProgramData\bProtectorForWindows Ordner Gefunden : C:\Users\***\bProtectorForWindows Ordner Gefunden : C:\Users\***\Desktop\bProtectorForWindows Ordner Gefunden : C:\Windows\system32\bProtectorForWindows ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\bProtector Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6001.18639 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v11.0 (de) Profilname : default Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zy0ekmia.default\prefs.js Gefunden : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_020&u=U[...] ************************* AdwCleaner[R1].txt - [12400 octets] - [15/10/2012 21:11:57] AdwCleaner[R2].txt - [1661 octets] - [09/12/2012 20:17:55] AdwCleaner[S1].txt - [11672 octets] - [16/10/2012 18:47:14] ########## EOF - C:\AdwCleaner[R2].txt - [1782 octets] ########## |
10.12.2012, 10:17 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er will adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
10.12.2012, 16:07 | #23 |
| Ordner "bProtection for Windows" macht was er will So, hier erstmal das Ergebnis von adwcleaner: Code:
ATTFilter # AdwCleaner v2.100 - Datei am 10/12/2012 um 15:33:31 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # Benutzer : *** - BÜRO-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zy0ekmia.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zy0ekmia.default\bprotector_prefs.js Gelöscht mit Neustart : C:\ProgramData\bProtectorForWindows Ordner Gelöscht : C:\Users\***\bProtectorForWindows Ordner Gelöscht : C:\Users\***\Desktop\bProtectorForWindows Ordner Gelöscht : C:\Windows\system32\bProtectorForWindows ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\bProtector Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6001.18639 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v11.0 (de) Profilname : default Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zy0ekmia.default\prefs.js Gelöscht : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_020&u=U[...] ************************* AdwCleaner[R1].txt - [12400 octets] - [15/10/2012 21:11:57] AdwCleaner[R2].txt - [1830 octets] - [09/12/2012 20:17:55] AdwCleaner[S1].txt - [11672 octets] - [16/10/2012 18:47:14] AdwCleaner[S2].txt - [1790 octets] - [10/12/2012 15:33:31] ########## EOF - C:\AdwCleaner[S2].txt - [1850 octets] ########## OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.12.2012 15:37:33 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,07% Memory free 6,19 Gb Paging File | 5,12 Gb Available in Paging File | 82,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 916,43 Gb Total Space | 572,80 Gb Free Space | 62,50% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 6,73 Gb Free Space | 44,86% Space Free | Partition Type: NTFS Computer Name: BÜRO-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Dell DataSafe Local Backup\Components\scheduler\STService.exe () PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks) PRC - C:\Programme\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Programme\Dell V305\dldtmsdmon.exe () PRC - C:\Programme\Dell V305\dldtmon.exe () PRC - C:\Windows\System32\dldtcoms.exe ( ) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - c:\ProgramData\bProtectorForWindows\2.1.415.37\protector.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\27eaca82076bc4478f5bfcaeb5cf619d\MenuSkinning.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0868e07af5399e58078c7e252545a277\VistaBridgeLibrary.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\c31d3b435c5a131be0e2194b1cbf6e06\DellDock.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\03d071f52aaf45436629f91584eb96c1\MyDock.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51bdab63dd9dbcddbfef9c82bffdbd59\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc78764e2649bd53edc5c9884efba391\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3331.38874__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3331.38853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3331.38895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3331.38912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3331.38912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3331.38815__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3331.38835__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\Dell DataSafe Local Backup\Components\scheduler\STService.exe () MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll () MOD - C:\Programme\Dell DataSafe Local Backup\PSTVdsDisk.dll () MOD - C:\Programme\Dell DataSafe Online\de\DataSafeOnline.resources.dll () MOD - C:\Programme\Dell DataSafe Online\SdbShared.dll () MOD - C:\Programme\Dell DataSafe Online\SdbShared.XmlSerializers.dll () MOD - C:\Programme\Dell DataSafe Online\SdbUI.dll () MOD - C:\Programme\Dell DataSafe Online\de\SdbUI.resources.dll () MOD - C:\Programme\Dell DataSafe Online\DataSafeOnline.exe () MOD - C:\Programme\Dell DataSafe Online\BalloonWindow.dll () MOD - C:\Programme\Dell DataSafe Online\CppUtils.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Dell V305\dldtmsdmon.exe () MOD - C:\Programme\Dell V305\dldtmon.exe () MOD - C:\Programme\Dell V305\app4r.monitor.core.dll () MOD - C:\Programme\Dell V305\app4r.monitor.common.dll () MOD - C:\Programme\Dell V305\app4r.devmons.mcmdevmon.dll () MOD - C:\Programme\Dell V305\dldtdrs.dll () MOD - C:\Programme\Dell V305\dldtscw.dll () MOD - C:\Programme\Dell V305\dldtcaps.dll () MOD - C:\Programme\Dell V305\dldtmonr.dll () MOD - C:\Programme\Dell V305\dldtcfg.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Programme\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll () MOD - C:\Programme\Dell V305\dldtcnv4.dll () MOD - C:\Programme\Dell V305\dldtdatr.dll () ========== Services (SafeList) ========== SRV - (0243381355067586mcinstcleanup) -- C:\Windows\TEMP\024338~1.EXE File not found SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (dldtCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe () SRV - (dldt_device) -- C:\Windows\System32\dldtcoms.exe ( ) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (mfeavfk01) -- File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.) DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{794CC25A-E274-4077-A627-65A355864C16}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes\{794CC25A-E274-4077-A627-65A355864C16}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?} IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}:1.3.19.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.12.10 15:38:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.19 09:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.30 22:19:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.12.08 16:58:34 | 000,000,000 | ---D | M] [2011.07.17 12:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.07.17 12:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.29 15:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions [2011.03.05 20:08:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.26 16:30:53 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} [2012.01.27 23:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.19 09:13:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2012.03.04 19:35:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.04 19:35:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.04 19:35:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.04 19:35:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.04 19:35:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.04 19:35:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.09 17:03:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120829171946.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (blekko search bar) - {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - C:\Programme\blekkotb_020\blekkotb_019X.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe () O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat () O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39CC662D-6A20-4FED-825D-D0B2AB1A6221}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21415~1.37\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.415.37\protector.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.10 15:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.12.10 15:34:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows [2012.12.09 17:09:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.09 17:09:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2012.12.09 17:09:47 | 000,000,000 | ---D | C] -- C:\bProtectorForWindows [2012.12.09 16:47:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.09 16:47:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.09 16:47:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.09 16:47:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.09 16:47:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.09 16:40:20 | 005,010,414 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.08 16:56:42 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys [2012.12.08 16:45:51 | 000,000,000 | ---D | C] -- C:\a11620652cd54cb7a848 [2012.12.02 20:00:03 | 000,000,000 | ---D | C] -- C:\bcf5bcbe93c4b8bbd8307d4f62 [2012.12.02 19:55:53 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.29 15:21:45 | 000,000,000 | ---D | C] -- C:\6619f01411349f7fa75024cd067871 [2012.11.24 23:34:16 | 000,000,000 | ---D | C] -- C:\2b2569472d675899af924504 [2010.01.12 20:03:09 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe ========== Files - Modified Within 30 Days ========== [2012.12.10 15:39:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.12.10 15:34:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.10 15:34:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.10 15:34:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.10 15:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.10 15:34:45 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2012.12.10 15:34:14 | 000,001,034 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.12.10 15:31:18 | 000,545,819 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.10 15:22:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.09 17:03:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.12.09 16:40:57 | 005,010,414 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.02 23:51:35 | 000,058,778 | ---- | M] () -- C:\Users\***\Desktop\GMER_LOG.zip [2012.12.02 22:42:12 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2012.12.02 20:01:18 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\509y08cl.exe [2012.12.02 19:56:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.29 16:16:30 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2012.11.29 15:49:00 | 000,002,735 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.24 23:28:19 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2012.11.24 23:27:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012.11.24 23:27:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.11.18 23:31:29 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.18 23:31:29 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.18 23:31:29 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.18 23:31:29 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.12.10 15:32:37 | 000,545,819 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.09 16:47:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.09 16:47:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.09 16:47:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.09 16:47:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.09 16:47:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.02 23:51:34 | 000,058,778 | ---- | C] () -- C:\Users\***\Desktop\GMER_LOG.zip [2012.12.02 22:42:12 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2012.12.02 20:01:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\509y08cl.exe [2012.11.18 23:34:15 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012.10.07 15:26:43 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.05.15 20:31:31 | 000,211,046 | ---- | C] () -- C:\Users\***\Antrag **** Antrag.pdf [2011.08.11 21:43:16 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.06.29 19:24:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011.06.29 19:24:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2011.04.23 23:52:22 | 000,000,008 | -H-- | C] () -- C:\Users\***\AppData\Local\L8457789110 [2011.01.21 23:53:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.09.18 21:30:19 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2009.09.18 21:26:12 | 000,175,616 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.09.11 08:00:41 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > und das zweite Logfile von OTL (Extras.txt): OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.12.2012 15:37:33 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,07% Memory free 6,19 Gb Paging File | 5,12 Gb Available in Paging File | 82,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 916,43 Gb Total Space | 572,80 Gb Free Space | 62,50% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 6,73 Gb Free Space | 44,86% Space Free | Partition Type: NTFS Computer Name: BÜRO-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{079FD4DE-DC19-4404-9F61-05790E718CE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{12546D2A-A88E-4282-95C6-6E6D5E7AF693}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{22F260BB-3576-44E6-8E5F-08C0FA9369DD}" = lport=80 | protocol=17 | dir=in | name=receiver | "{31D53028-76E0-4913-AF0C-74C80B70F051}" = rport=10243 | protocol=6 | dir=out | app=system | "{32A1FDB5-300F-498E-AE31-6430C3DDFCF1}" = rport=137 | protocol=17 | dir=out | app=system | "{3319912E-4022-4B60-A3B5-AA937CA7B199}" = lport=2869 | protocol=6 | dir=in | app=system | "{43DC0B1F-6C75-4287-9DBD-6934F6DA5C04}" = rport=139 | protocol=6 | dir=out | app=system | "{53D8F01C-2515-47B9-8E37-F10CC9A37FB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72714D68-0EA6-47B8-B520-321481388ABD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8237E849-E26E-4C7A-9A02-A5A30E8FF83C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{932470C7-BFF7-421A-A6B2-10149961195B}" = lport=2869 | protocol=6 | dir=in | app=system | "{A559B4D0-1C98-4889-8463-C9106DD20758}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AAF75F21-2A3B-4B12-9B28-3BF095AD5129}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B227456B-158C-4A15-866F-6C72077738E5}" = lport=139 | protocol=6 | dir=in | app=system | "{CCA4353B-ADEB-4118-BDBD-DEDC3C850035}" = rport=138 | protocol=17 | dir=out | app=system | "{CF4CE158-77A8-4197-96EB-6DD8352C0B00}" = lport=138 | protocol=17 | dir=in | app=system | "{D0D81549-3396-44A4-B808-F62B2CE78590}" = rport=445 | protocol=6 | dir=out | app=system | "{D5429371-803F-4155-B017-9791F30462BE}" = lport=445 | protocol=6 | dir=in | app=system | "{D8C365A0-80C1-4272-B17E-9C448371AD8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E23BB5B2-21E3-4DB1-BD34-F2A44AE2C5FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ECE25BE3-C9C6-4BCB-93E8-D8FD7E5C3F0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{F27D466E-47E3-4B25-8113-E069F19F3622}" = lport=10243 | protocol=6 | dir=in | app=system | "{F27D5CD6-B255-481D-9E2F-BFA2A2445375}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{020D2969-F13F-4996-A4DD-EDA88A3BDB5D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{071B7923-9A3B-454F-9F2F-0F67F3904A5A}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{0A45F96E-EE12-4CEB-8C41-7A10D309C1B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0F2BE6AE-7A7C-438D-BB59-9214609DA5E0}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{18F8572A-D7DC-4260-AB52-1B90455C2389}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{199B6D89-DFBB-4272-BFF7-421100CF4D52}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "{1C107C1A-B68C-4BF5-AFB7-5CE1BD6C94A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1F078DE4-6D74-45A9-B58B-98123F484144}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{25AF695F-C23D-47E6-854C-266F166FC045}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{261DA95C-AA33-480A-AAB6-8D4E9F6E84B1}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe | "{2C9F5560-6B61-4552-9317-A1C4594151CA}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{31DC5165-1B8D-4917-B1A8-6BA58818DAC9}" = protocol=6 | dir=in | app=c:\program files\dell v305\netsupp.dll | "{325F2C96-8333-4BD1-932A-12F66352AE14}" = protocol=6 | dir=in | app=c:\program files\technisat\mediaport\mediaport.exe | "{3876A086-D31C-4626-AE2D-3F1100E85A50}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{3B593FBA-3111-468C-AD40-725210F879D7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtjswx.exe | "{44887DFE-049F-446E-927C-2DD0F76647C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{472A765A-E5C2-4256-821D-9CBF84E65988}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{49F5A5BC-DC11-4822-8C4A-7D037610E929}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{4BAF0678-2642-44BD-B0AF-A481F350989E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{4CAE3D57-AB34-4595-B65A-D83DF29303EC}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe | "{542B4BD4-845D-469B-BE4E-89789888AE83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5717672A-6621-49FC-9256-E40ABD392992}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{59A9D8F1-769A-4CC0-9CA8-A24036F0F83E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{5DEBB0BD-0933-4753-8E60-24C62EF7F0C6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{60AE3C3A-3616-4CA2-AFC4-E825863C0127}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62AD5464-3036-4186-9ADC-EB33D2096D43}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6310EC91-D7DC-430F-8010-9EF6D9C0F054}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{648B325F-4804-418D-85BC-D6A02A0BD643}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65272EA4-6860-4EEC-AC20-A8BD3504C32B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6941B5EB-325E-4B98-89DA-C41C7A145378}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe | "{6D64474B-D825-472C-86F0-F1BDA28E7994}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{7846EFB1-7A27-466C-B03A-ABB0BD8EB725}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{7AA39480-0C95-4E0E-8ED1-613A17C34841}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe | "{8429C5B8-15AE-4C4F-B0F0-BD52770DBA9C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{867CC7B7-214D-4256-A92F-FEE5B7F3883B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "{86B54175-27F4-4661-A6DD-E41BDC795D3E}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{8CD53841-2AF3-4E97-8AAF-721B583CE8E0}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe | "{910A02EB-8EA1-40CA-8874-F9DB786A7CDA}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe | "{953596F5-9625-4027-BD9E-91507EDD754C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9F76788E-5A8E-482A-A4C2-132FE1DE549A}" = protocol=17 | dir=in | app=c:\program files\dell v305\netsupp.dll | "{A2AFE5C1-019A-4AB9-8627-F3230111F373}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtjswx.exe | "{A4DA14CE-58DE-4F9D-8C0E-6C9EA7298BE5}" = protocol=17 | dir=in | app=c:\program files\technisat\mediaport\mediaport.exe | "{A65CE731-60F9-4CE6-B7D7-8BF4C651F74F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A9FB3EB1-FA0D-4F45-865E-1BCFEE561B25}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe | "{AB384FFE-5526-4583-8D52-0C4E623C146D}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe | "{B154E59E-8726-4E17-A780-E41CA5C802A4}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{B24D9E52-2864-4F29-A423-F568F9DC0E2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B4A083D8-7369-4F16-A609-C61D52B3CAB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B5E30D30-5114-44CA-8678-6DC81BF3E646}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B67B8A51-F06A-4850-A4CB-5EAC793BF844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C123ADFE-B6E4-4EF9-A97E-2CF38E15F6DD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe | "{C4F590E0-AE5D-43D3-AF61-4B674F643337}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{CBA05323-00BA-4AA6-AF1B-8ADE4323E1DC}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{CEDBA156-FF2E-48A3-B7BA-8F7770310B4F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{CEFBCFCF-3022-42E0-A73D-76639838C400}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D1C33DED-DD39-4C79-B946-C8594755A549}" = protocol=6 | dir=out | app=system | "{DFB48B6A-50EF-4AD0-BC8A-E4EF6E46356F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E48BE109-C248-4E0C-84AA-7835C1F09EB3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe | "{E5B00193-1E99-46ED-A37F-1070BE6163BF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{E9AB3BFC-8241-46AD-83FE-643BCD0701B9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{EDBF2B19-B309-4B9F-9D0D-D701E8C0C257}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5208DA2-6EF4-4C76-851C-6C53656D5DD2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{F7CF5709-3090-462E-A222-CFE8546AB305}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "TCP Query User{267F1D74-5EA9-48EB-B043-82BC471B6B12}C:\program files\dell v305\frun.exe" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe | "TCP Query User{495B4E6F-7B5E-4B60-8FA8-0126359570E9}C:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "TCP Query User{5B964673-8D25-4CE8-B516-409317D20112}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{6C2AA7CE-7958-4A31-B3F6-E56CEF54952E}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "TCP Query User{98B8DFB4-A136-4A00-8550-D43792EEF55A}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{9DCD40C7-75E4-4A0B-97D4-382AF1A88F60}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "TCP Query User{FDB8F04B-A87A-408B-B4C4-338D8003519D}C:\program files\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe | "UDP Query User{1A5C6D1E-A6D9-4B6C-912E-C0F26D6D6072}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{2C398C82-7EB7-422A-8590-A7F0B3CA1A0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{60437BE4-48E1-4897-84A8-A553676CA139}C:\program files\dell v305\frun.exe" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe | "UDP Query User{725DB65A-B6B9-4AA3-916A-DAA410A221E9}C:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "UDP Query User{A8EA4F0F-7E3F-41B6-9834-8433532D150A}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "UDP Query User{B5989A5D-438E-47E3-A32E-873E4BABC416}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "UDP Query User{E5DF9D08-2C6B-49CE-88A7-F9DA7BDF695E}C:\program files\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista "{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese "{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{29258311-EA49-11DE-967C-005056C00008}" = Paragon Festplatten Manager™ 2011 Suite Demo "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{36EEFD4F-E34C-4491-B04A-DB8F85C3A021}" = Diagnostics32 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English "{5441F067-5AF8-4284-9A8C-FD98DF05C981}" = Omron Health Management Software "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime "{60379D61-4F60-4C0D-ADB0-7670BD513AE1}" = Pubs "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1 "{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0 "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C3F9AC0D-3A6D-42F7-8A44-80335A366233}" = Install "{C61E46F5-0699-400B-B9BF-899349F10776}" = Wireless Setup Utility 32 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition "{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins "{DCCB7F99-84DC-6558-1406-AB775DD202BD}" = ccc-utility "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E00B477F-8558-45DA-B25A-69935FB89A94}" = Dell Dock "{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German "{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11 "{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11 "{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{ED83A136-0255-11D5-ABDE-00E07D81F9B8}" = Schiene und Strasse "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4953044-0533-4F01-B0FC-1D271AB998D8}" = Inkjet Toolbox "{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "blekkotb_020" = blekko search bar "Dell Support Center" = Dell Support Center "Dell V305" = Dell V305 "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "Flight Simulator 8.0" = Microsoft Flight Simulator 2002 "GoToAssist" = GoToAssist 8.0.0.514 "InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles "King" = King "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mediaport" = Mediaport "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MPE" = MyPhoneExplorer "MSC" = McAfee SecurityCenter "Office14.PRJPROR" = Microsoft Project Professional 2010 "TomTom HOME" = TomTom HOME 2.8.2.2264 "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "Wisepilot_is1" = Wisepilot 4.0 "XMedia Recode" = XMedia Recode 2.2.5.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 10.12.2012 10:20:28 | Computer Name = Büro-PC | Source = HTTP | ID = 15016 Description = Error - 10.12.2012 10:20:50 | Computer Name = Büro-PC | Source = VDS Dynamic Provider | ID = 16908298 Description = Error - 10.12.2012 10:22:03 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7009 Description = Error - 10.12.2012 10:22:03 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.12.2012 10:29:25 | Computer Name = Büro-PC | Source = HTTP | ID = 15016 Description = Error - 10.12.2012 10:30:51 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7009 Description = Error - 10.12.2012 10:30:51 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.12.2012 10:34:54 | Computer Name = Büro-PC | Source = HTTP | ID = 15016 Description = Error - 10.12.2012 10:36:30 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7009 Description = Error - 10.12.2012 10:36:30 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
10.12.2012, 16:24 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er willFixen mit OTL
Code:
ATTFilter :OTL O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21415~1.37\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.415.37\protector.dll () :Files c:\ProgramData\bProtectorForWindows C:\Windows\System32\bProtectorForWindows ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
10.12.2012, 17:56 | #25 |
| Ordner "bProtection for Windows" macht was er will Hier der Inhalt aus der Texdatei: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found. Registry value HKEY_USERS\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bprote~1\21415~1.37\protec~1.dll deleted successfully. File move failed. c:\ProgramData\bProtectorForWindows\2.1.415.37\protector.dll scheduled to be moved on reboot. ========== FILES ========== Folder move failed. c:\ProgramData\bProtectorForWindows\2.1.415.37 scheduled to be moved on reboot. Folder move failed. c:\ProgramData\bProtectorForWindows scheduled to be moved on reboot. C:\Windows\System32\bProtectorForWindows\2.1.415.37 folder moved successfully. C:\Windows\System32\bProtectorForWindows folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\***\Desktop\cmd.bat deleted successfully. C:\Users\***\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: *** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 64599977 bytes ->Java cache emptied: 88613193 bytes ->FireFox cache emptied: 61389637 bytes ->Flash cache emptied: 39150 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 538941 bytes Total Files Cleaned = 205,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 12102012_174304 Files\Folders moved on Reboot... File move failed. c:\ProgramData\bProtectorForWindows\2.1.415.37\protector.dll scheduled to be moved on reboot. Folder move failed. c:\ProgramData\bProtectorForWindows\2.1.415.37 scheduled to be moved on reboot. Folder move failed. c:\ProgramData\bProtectorForWindows\2.1.415.37 scheduled to be moved on reboot. Folder move failed. c:\ProgramData\bProtectorForWindows scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found. |
10.12.2012, 19:57 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er will Ist dieses blekko überhaupt von dir gewollt? Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
11.12.2012, 20:55 | #27 |
| Ordner "bProtection for Windows" macht was er will Nee, keine Ahnung was das ist. Hab eigentlich was anderes als Startseite. Kann das nur irgendwie nicht wieder richtig einstellen. Wenn ich die Einstellung für die Startseite ändere, ist beim nächsten öffnen leider immer wieder dieses blekko als Startseite eingestellt. Hier die OTL.txt: Code:
ATTFilter OTL logfile created on: 11.12.2012 19:55:28 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,29% Memory free 6,21 Gb Paging File | 4,80 Gb Available in Paging File | 77,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 916,43 Gb Total Space | 573,96 Gb Free Space | 62,63% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 6,73 Gb Free Space | 44,87% Space Free | Partition Type: NTFS Computer Name: BÜRO-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Dell DataSafe Local Backup\Components\scheduler\STService.exe () PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks) PRC - C:\Programme\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Programme\Dell V305\dldtmsdmon.exe () PRC - C:\Programme\Dell V305\dldtmon.exe () PRC - C:\Windows\System32\dldtcoms.exe ( ) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\27eaca82076bc4478f5bfcaeb5cf619d\MenuSkinning.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0868e07af5399e58078c7e252545a277\VistaBridgeLibrary.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\c31d3b435c5a131be0e2194b1cbf6e06\DellDock.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\03d071f52aaf45436629f91584eb96c1\MyDock.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51bdab63dd9dbcddbfef9c82bffdbd59\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc78764e2649bd53edc5c9884efba391\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3331.38874__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3331.38853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3331.38895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3331.38912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3331.38912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3331.38815__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3331.38835__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\Dell DataSafe Local Backup\Components\scheduler\STService.exe () MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll () MOD - C:\Programme\Dell DataSafe Local Backup\PSTVdsDisk.dll () MOD - C:\Programme\Dell DataSafe Online\de\DataSafeOnline.resources.dll () MOD - C:\Programme\Dell DataSafe Online\SdbShared.dll () MOD - C:\Programme\Dell DataSafe Online\SdbShared.XmlSerializers.dll () MOD - C:\Programme\Dell DataSafe Online\SdbUI.dll () MOD - C:\Programme\Dell DataSafe Online\de\SdbUI.resources.dll () MOD - C:\Programme\Dell DataSafe Online\DataSafeOnline.exe () MOD - C:\Programme\Dell DataSafe Online\BalloonWindow.dll () MOD - C:\Programme\Dell DataSafe Online\CppUtils.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Dell V305\dldtmsdmon.exe () MOD - C:\Programme\Dell V305\dldtmon.exe () MOD - C:\Programme\Dell V305\app4r.monitor.core.dll () MOD - C:\Programme\Dell V305\app4r.monitor.common.dll () MOD - C:\Programme\Dell V305\app4r.devmons.mcmdevmon.dll () MOD - C:\Programme\Dell V305\dldtdrs.dll () MOD - C:\Programme\Dell V305\dldtscw.dll () MOD - C:\Programme\Dell V305\dldtcaps.dll () MOD - C:\Programme\Dell V305\dldtmonr.dll () MOD - C:\Programme\Dell V305\dldtcfg.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Programme\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll () MOD - C:\Programme\Dell V305\dldtcnv4.dll () MOD - C:\Programme\Dell V305\dldtdatr.dll () ========== Services (SafeList) ========== SRV - (0243381355067586mcinstcleanup) -- C:\Windows\TEMP\024338~1.EXE File not found SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (dldtCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe () SRV - (dldt_device) -- C:\Windows\System32\dldtcoms.exe ( ) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (mfeavfk01) -- File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.) DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{794CC25A-E274-4077-A627-65A355864C16}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes\{794CC25A-E274-4077-A627-65A355864C16}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?} IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Blekko" FF - prefs.js..browser.search.order.1: "Blekko" FF - prefs.js..browser.search.selectedEngine: "Blekko" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "^hxxp://blekko\\.com/ws/\\?source=017d87aa.*" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "^hxxp://blekko\\.com/ws/\\?source=.*" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.12.11 19:49:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.19 09:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.30 22:19:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.12.08 16:58:34 | 000,000,000 | ---D | M] [2011.07.17 12:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.07.17 12:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.29 15:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions [2011.03.05 20:08:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.26 16:30:53 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} [2012.01.27 23:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.19 09:13:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2012.03.04 19:35:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.04 19:35:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.04 19:35:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.04 19:35:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.04 19:35:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.04 19:35:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.10 17:43:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120829171946.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (blekko search bar) - {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - C:\Programme\blekkotb_020\blekkotb_019X.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (blekko search bar) - {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - C:\Programme\blekkotb_020\blekkotb_019X.dll () O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe () O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat () O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39CC662D-6A20-4FED-825D-D0B2AB1A6221}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21415~1.37\protec~1.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.11 19:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.12.10 17:43:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows [2012.12.10 17:43:04 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.10 15:46:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bProtectorForWindows [2012.12.09 17:09:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.09 17:09:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2012.12.09 17:09:47 | 000,000,000 | ---D | C] -- C:\bProtectorForWindows [2012.12.09 16:47:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.09 16:47:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.09 16:47:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.09 16:47:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.09 16:47:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.09 16:40:20 | 005,010,414 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.08 16:56:42 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys [2012.12.08 16:45:51 | 000,000,000 | ---D | C] -- C:\a11620652cd54cb7a848 [2012.12.02 20:00:03 | 000,000,000 | ---D | C] -- C:\bcf5bcbe93c4b8bbd8307d4f62 [2012.12.02 19:55:53 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.29 15:21:45 | 000,000,000 | ---D | C] -- C:\6619f01411349f7fa75024cd067871 [2012.11.24 23:34:16 | 000,000,000 | ---D | C] -- C:\2b2569472d675899af924504 [2010.01.12 20:03:09 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe ========== Files - Modified Within 30 Days ========== [2012.12.11 19:59:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.12.11 19:46:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.11 19:46:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 19:46:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 19:46:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.11 19:45:58 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2012.12.10 18:33:30 | 000,001,034 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.12.10 17:43:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.12.10 17:22:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.10 15:58:59 | 000,000,008 | -H-- | M] () -- C:\Users\***\AppData\Local\L8457789110 [2012.12.10 15:31:18 | 000,545,819 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.09 16:40:57 | 005,010,414 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.02 23:51:35 | 000,058,778 | ---- | M] () -- C:\Users\***\Desktop\GMER_LOG.zip [2012.12.02 22:42:12 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2012.12.02 20:01:18 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\509y08cl.exe [2012.12.02 19:56:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.29 16:16:30 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2012.11.29 15:49:00 | 000,002,735 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.24 23:28:19 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2012.11.24 23:27:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012.11.24 23:27:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.11.18 23:31:29 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.18 23:31:29 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.18 23:31:29 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.18 23:31:29 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.12.10 15:32:37 | 000,545,819 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.09 16:47:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.09 16:47:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.09 16:47:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.09 16:47:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.09 16:47:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.02 23:51:34 | 000,058,778 | ---- | C] () -- C:\Users\***\Desktop\GMER_LOG.zip [2012.12.02 22:42:12 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2012.12.02 20:01:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\509y08cl.exe [2012.11.18 23:34:15 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012.10.07 15:26:43 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.05.15 20:31:31 | 000,211,046 | ---- | C] () -- C:\Users\***\Antrag **** Antrag.pdf [2011.08.11 21:43:16 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.06.29 19:24:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011.06.29 19:24:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2011.04.23 23:52:22 | 000,000,008 | -H-- | C] () -- C:\Users\***\AppData\Local\L8457789110 [2011.01.21 23:53:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.09.18 21:30:19 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2009.09.18 21:26:12 | 000,175,616 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.09.11 08:00:41 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > und die Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 11.12.2012 19:55:28 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,29% Memory free 6,21 Gb Paging File | 4,80 Gb Available in Paging File | 77,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 916,43 Gb Total Space | 573,96 Gb Free Space | 62,63% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 6,73 Gb Free Space | 44,87% Space Free | Partition Type: NTFS Computer Name: BÜRO-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1537332811-3382495713-1467414659-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{079FD4DE-DC19-4404-9F61-05790E718CE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{12546D2A-A88E-4282-95C6-6E6D5E7AF693}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{22F260BB-3576-44E6-8E5F-08C0FA9369DD}" = lport=80 | protocol=17 | dir=in | name=receiver | "{31D53028-76E0-4913-AF0C-74C80B70F051}" = rport=10243 | protocol=6 | dir=out | app=system | "{32A1FDB5-300F-498E-AE31-6430C3DDFCF1}" = rport=137 | protocol=17 | dir=out | app=system | "{3319912E-4022-4B60-A3B5-AA937CA7B199}" = lport=2869 | protocol=6 | dir=in | app=system | "{43DC0B1F-6C75-4287-9DBD-6934F6DA5C04}" = rport=139 | protocol=6 | dir=out | app=system | "{53D8F01C-2515-47B9-8E37-F10CC9A37FB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72714D68-0EA6-47B8-B520-321481388ABD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8237E849-E26E-4C7A-9A02-A5A30E8FF83C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{932470C7-BFF7-421A-A6B2-10149961195B}" = lport=2869 | protocol=6 | dir=in | app=system | "{A559B4D0-1C98-4889-8463-C9106DD20758}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AAF75F21-2A3B-4B12-9B28-3BF095AD5129}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B227456B-158C-4A15-866F-6C72077738E5}" = lport=139 | protocol=6 | dir=in | app=system | "{CCA4353B-ADEB-4118-BDBD-DEDC3C850035}" = rport=138 | protocol=17 | dir=out | app=system | "{CF4CE158-77A8-4197-96EB-6DD8352C0B00}" = lport=138 | protocol=17 | dir=in | app=system | "{D0D81549-3396-44A4-B808-F62B2CE78590}" = rport=445 | protocol=6 | dir=out | app=system | "{D5429371-803F-4155-B017-9791F30462BE}" = lport=445 | protocol=6 | dir=in | app=system | "{D8C365A0-80C1-4272-B17E-9C448371AD8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E23BB5B2-21E3-4DB1-BD34-F2A44AE2C5FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ECE25BE3-C9C6-4BCB-93E8-D8FD7E5C3F0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{F27D466E-47E3-4B25-8113-E069F19F3622}" = lport=10243 | protocol=6 | dir=in | app=system | "{F27D5CD6-B255-481D-9E2F-BFA2A2445375}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{020D2969-F13F-4996-A4DD-EDA88A3BDB5D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{071B7923-9A3B-454F-9F2F-0F67F3904A5A}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{0A45F96E-EE12-4CEB-8C41-7A10D309C1B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0F2BE6AE-7A7C-438D-BB59-9214609DA5E0}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{18F8572A-D7DC-4260-AB52-1B90455C2389}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{199B6D89-DFBB-4272-BFF7-421100CF4D52}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "{1C107C1A-B68C-4BF5-AFB7-5CE1BD6C94A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1F078DE4-6D74-45A9-B58B-98123F484144}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{25AF695F-C23D-47E6-854C-266F166FC045}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{261DA95C-AA33-480A-AAB6-8D4E9F6E84B1}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe | "{2C9F5560-6B61-4552-9317-A1C4594151CA}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{31DC5165-1B8D-4917-B1A8-6BA58818DAC9}" = protocol=6 | dir=in | app=c:\program files\dell v305\netsupp.dll | "{325F2C96-8333-4BD1-932A-12F66352AE14}" = protocol=6 | dir=in | app=c:\program files\technisat\mediaport\mediaport.exe | "{3876A086-D31C-4626-AE2D-3F1100E85A50}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{3B593FBA-3111-468C-AD40-725210F879D7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtjswx.exe | "{44887DFE-049F-446E-927C-2DD0F76647C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{472A765A-E5C2-4256-821D-9CBF84E65988}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{49F5A5BC-DC11-4822-8C4A-7D037610E929}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{4BAF0678-2642-44BD-B0AF-A481F350989E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{4CAE3D57-AB34-4595-B65A-D83DF29303EC}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe | "{542B4BD4-845D-469B-BE4E-89789888AE83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5717672A-6621-49FC-9256-E40ABD392992}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{59A9D8F1-769A-4CC0-9CA8-A24036F0F83E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{5DEBB0BD-0933-4753-8E60-24C62EF7F0C6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{60AE3C3A-3616-4CA2-AFC4-E825863C0127}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62AD5464-3036-4186-9ADC-EB33D2096D43}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6310EC91-D7DC-430F-8010-9EF6D9C0F054}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{648B325F-4804-418D-85BC-D6A02A0BD643}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65272EA4-6860-4EEC-AC20-A8BD3504C32B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6941B5EB-325E-4B98-89DA-C41C7A145378}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe | "{6D64474B-D825-472C-86F0-F1BDA28E7994}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{7846EFB1-7A27-466C-B03A-ABB0BD8EB725}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{7AA39480-0C95-4E0E-8ED1-613A17C34841}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe | "{8429C5B8-15AE-4C4F-B0F0-BD52770DBA9C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{867CC7B7-214D-4256-A92F-FEE5B7F3883B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "{86B54175-27F4-4661-A6DD-E41BDC795D3E}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{8CD53841-2AF3-4E97-8AAF-721B583CE8E0}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe | "{910A02EB-8EA1-40CA-8874-F9DB786A7CDA}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe | "{953596F5-9625-4027-BD9E-91507EDD754C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9F76788E-5A8E-482A-A4C2-132FE1DE549A}" = protocol=17 | dir=in | app=c:\program files\dell v305\netsupp.dll | "{A2AFE5C1-019A-4AB9-8627-F3230111F373}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtjswx.exe | "{A4DA14CE-58DE-4F9D-8C0E-6C9EA7298BE5}" = protocol=17 | dir=in | app=c:\program files\technisat\mediaport\mediaport.exe | "{A65CE731-60F9-4CE6-B7D7-8BF4C651F74F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A9FB3EB1-FA0D-4F45-865E-1BCFEE561B25}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe | "{AB384FFE-5526-4583-8D52-0C4E623C146D}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe | "{B154E59E-8726-4E17-A780-E41CA5C802A4}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{B24D9E52-2864-4F29-A423-F568F9DC0E2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B4A083D8-7369-4F16-A609-C61D52B3CAB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B5E30D30-5114-44CA-8678-6DC81BF3E646}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B67B8A51-F06A-4850-A4CB-5EAC793BF844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C123ADFE-B6E4-4EF9-A97E-2CF38E15F6DD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe | "{C4F590E0-AE5D-43D3-AF61-4B674F643337}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{CBA05323-00BA-4AA6-AF1B-8ADE4323E1DC}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{CEDBA156-FF2E-48A3-B7BA-8F7770310B4F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{CEFBCFCF-3022-42E0-A73D-76639838C400}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D1C33DED-DD39-4C79-B946-C8594755A549}" = protocol=6 | dir=out | app=system | "{DFB48B6A-50EF-4AD0-BC8A-E4EF6E46356F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E48BE109-C248-4E0C-84AA-7835C1F09EB3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe | "{E5B00193-1E99-46ED-A37F-1070BE6163BF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{E9AB3BFC-8241-46AD-83FE-643BCD0701B9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{EDBF2B19-B309-4B9F-9D0D-D701E8C0C257}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5208DA2-6EF4-4C76-851C-6C53656D5DD2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{F7CF5709-3090-462E-A222-CFE8546AB305}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "TCP Query User{267F1D74-5EA9-48EB-B043-82BC471B6B12}C:\program files\dell v305\frun.exe" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe | "TCP Query User{495B4E6F-7B5E-4B60-8FA8-0126359570E9}C:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "TCP Query User{5B964673-8D25-4CE8-B516-409317D20112}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{6C2AA7CE-7958-4A31-B3F6-E56CEF54952E}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "TCP Query User{98B8DFB4-A136-4A00-8550-D43792EEF55A}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{9DCD40C7-75E4-4A0B-97D4-382AF1A88F60}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "TCP Query User{FDB8F04B-A87A-408B-B4C4-338D8003519D}C:\program files\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe | "UDP Query User{1A5C6D1E-A6D9-4B6C-912E-C0F26D6D6072}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{2C398C82-7EB7-422A-8590-A7F0B3CA1A0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{60437BE4-48E1-4897-84A8-A553676CA139}C:\program files\dell v305\frun.exe" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe | "UDP Query User{725DB65A-B6B9-4AA3-916A-DAA410A221E9}C:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe | "UDP Query User{A8EA4F0F-7E3F-41B6-9834-8433532D150A}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "UDP Query User{B5989A5D-438E-47E3-A32E-873E4BABC416}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | "UDP Query User{E5DF9D08-2C6B-49CE-88A7-F9DA7BDF695E}C:\program files\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista "{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese "{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{29258311-EA49-11DE-967C-005056C00008}" = Paragon Festplatten Manager™ 2011 Suite Demo "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{36EEFD4F-E34C-4491-B04A-DB8F85C3A021}" = Diagnostics32 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English "{5441F067-5AF8-4284-9A8C-FD98DF05C981}" = Omron Health Management Software "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime "{60379D61-4F60-4C0D-ADB0-7670BD513AE1}" = Pubs "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1 "{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0 "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C3F9AC0D-3A6D-42F7-8A44-80335A366233}" = Install "{C61E46F5-0699-400B-B9BF-899349F10776}" = Wireless Setup Utility 32 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition "{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins "{DCCB7F99-84DC-6558-1406-AB775DD202BD}" = ccc-utility "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E00B477F-8558-45DA-B25A-69935FB89A94}" = Dell Dock "{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German "{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11 "{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11 "{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{ED83A136-0255-11D5-ABDE-00E07D81F9B8}" = Schiene und Strasse "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4953044-0533-4F01-B0FC-1D271AB998D8}" = Inkjet Toolbox "{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "blekkotb_020" = blekko search bar "Dell Support Center" = Dell Support Center "Dell V305" = Dell V305 "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "Flight Simulator 8.0" = Microsoft Flight Simulator 2002 "GoToAssist" = GoToAssist 8.0.0.514 "InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles "King" = King "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mediaport" = Mediaport "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MPE" = MyPhoneExplorer "MSC" = McAfee SecurityCenter "Office14.PRJPROR" = Microsoft Project Professional 2010 "TomTom HOME" = TomTom HOME 2.8.2.2264 "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "Wisepilot_is1" = Wisepilot 4.0 "XMedia Recode" = XMedia Recode 2.2.5.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:32:13 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2012 11:34:14 | Computer Name = Büro-PC | Source = Perflib | ID = 1010 Description = Error - 26.11.2012 11:34:17 | Computer Name = Büro-PC | Source = Perflib | ID = 1008 Description = Error - 26.11.2012 11:35:06 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3050 Description = Error - 26.11.2012 11:48:11 | Computer Name = Büro-PC | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 10.12.2012 12:45:19 | Computer Name = Büro-PC | Source = VDS Dynamic Provider | ID = 16908298 Description = Error - 10.12.2012 12:46:33 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7009 Description = Error - 10.12.2012 12:46:33 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.12.2012 13:30:40 | Computer Name = Büro-PC | Source = HTTP | ID = 15016 Description = Error - 10.12.2012 13:31:24 | Computer Name = Büro-PC | Source = VDS Dynamic Provider | ID = 16908298 Description = Error - 10.12.2012 13:32:06 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7009 Description = Error - 10.12.2012 13:32:06 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.12.2012 14:46:09 | Computer Name = Büro-PC | Source = HTTP | ID = 15016 Description = Error - 11.12.2012 14:47:40 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.12.2012 14:47:40 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
11.12.2012, 22:24 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er willFixen mit OTL
Code:
ATTFilter :OTL SRV - (0243381355067586mcinstcleanup) -- C:\Windows\TEMP\024338~1.EXE File not found IE - HKU\S-1-5-21-1537332811-3382495713-1467414659-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} FF - prefs.js..browser.search.defaultenginename: "Blekko" FF - prefs.js..browser.search.order.1: "Blekko" FF - prefs.js..browser.search.selectedEngine: "Blekko" FF - prefs.js..browser.startup.homepage: "^http://blekko\\.com/ws/\\?source=017d87aa.*" FF - prefs.js..keyword.URL: "^http://blekko\\.com/ws/\\?source=.*" FF - user.js - File not found [2012.11.26 16:30:53 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} O2 - BHO: (blekko search bar) - {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - C:\Programme\blekkotb_020\blekkotb_019X.dll () O3 - HKLM\..\Toolbar: (blekko search bar) - {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - C:\Programme\blekkotb_020\blekkotb_019X.dll () O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21415~1.37\protec~1.dll) - File not found :Files C:\Programme\blekkotb_020 C:\bProtectorForWindows c:\progra~2\bprote~1 C:\Users\***\Desktop\bProtectorForWindows C:\Windows\System32\bProtectorForWindows C:\a11620652cd54cb7a848 C:\bcf5bcbe93c4b8bbd8307d4f62 C:\6619f01411349f7fa75024cd067871 C:\2b2569472d675899af924504 C:\Users\***\Desktop\MBR.dat C:\Users\***\AppData\Local\L8457789110 ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
12.12.2012, 18:39 | #29 |
| Ordner "bProtection for Windows" macht was er will Hier der Inhalt der Textdatei: Code:
ATTFilter All processes killed ========== OTL ========== Service 0243381355067586mcinstcleanup stopped successfully! Service 0243381355067586mcinstcleanup deleted successfully! File C:\Windows\TEMP\024338~1.EXE File not found not found. HKEY_USERS\S-1-5-21-1537332811-3382495713-1467414659-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Prefs.js: "Blekko" removed from browser.search.defaultenginename Prefs.js: "Blekko" removed from browser.search.order.1 Prefs.js: "Blekko" removed from browser.search.selectedEngine Prefs.js: "^hxxp://blekko\\.com/ws/\\?source=017d87aa.*" removed from browser.startup.homepage Prefs.js: "^hxxp://blekko\\.com/ws/\\?source=.*" removed from keyword.URL C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\components folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\searchbar folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\options folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\uwa folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\radio\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\radio\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\radio folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels\js folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels\default\scripts folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels\default\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels\default\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels\default folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\panels folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib\debugbar folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin\lib folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\skin folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\locale\lib folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\locale folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\data\weather folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\data\search folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\data\rss folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\data\dynamicElements folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\data folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.TwitterShortcut folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.FacebookShortcut folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.BlekkoMap\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.BlekkoMap\css folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets\net.vmn.www.BlekkoMap folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\widgets folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\newtab\images folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\newtab folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\modules folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content\lib folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome\content folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\chrome folder moved successfully. C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zy0ekmia.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\ deleted successfully. C:\Programme\blekkotb_020\blekkotb_019X.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}\ not found. File C:\Programme\blekkotb_020\blekkotb_019X.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bprote~1\21415~1.37\protec~1.dll deleted successfully. ========== FILES ========== File\Folder C:\Programme\blekkotb_020 not found. C:\bProtectorForWindows\2.1.415.37\traking_settings folder moved successfully. C:\bProtectorForWindows\2.1.415.37 folder moved successfully. C:\bProtectorForWindows folder moved successfully. c:\progra~2\bProtectorForWindows\2.1.415.37 folder moved successfully. c:\progra~2\bProtectorForWindows folder moved successfully. C:\Users\***\Desktop\bProtectorForWindows\2.1.415.37 folder moved successfully. C:\Users\***\Desktop\bProtectorForWindows folder moved successfully. C:\Windows\System32\bProtectorForWindows\2.1.415.37 folder moved successfully. C:\Windows\System32\bProtectorForWindows folder moved successfully. Folder move failed. C:\a11620652cd54cb7a848\bProtectorForWindows\2.1.415.37 scheduled to be moved on reboot. Folder move failed. C:\a11620652cd54cb7a848\bProtectorForWindows scheduled to be moved on reboot. C:\a11620652cd54cb7a848 folder moved successfully. Folder move failed. C:\bcf5bcbe93c4b8bbd8307d4f62\bProtectorForWindows\2.1.415.37 scheduled to be moved on reboot. Folder move failed. C:\bcf5bcbe93c4b8bbd8307d4f62\bProtectorForWindows scheduled to be moved on reboot. C:\bcf5bcbe93c4b8bbd8307d4f62 folder moved successfully. Folder move failed. C:\6619f01411349f7fa75024cd067871\bProtectorForWindows\2.1.415.37 scheduled to be moved on reboot. Folder move failed. C:\6619f01411349f7fa75024cd067871\bProtectorForWindows scheduled to be moved on reboot. C:\6619f01411349f7fa75024cd067871 folder moved successfully. Folder move failed. C:\2b2569472d675899af924504\bProtectorForWindows\2.1.415.37 scheduled to be moved on reboot. Folder move failed. C:\2b2569472d675899af924504\bProtectorForWindows scheduled to be moved on reboot. C:\2b2569472d675899af924504 folder moved successfully. C:\Users\***\Desktop\MBR.dat moved successfully. C:\Users\***\AppData\Local\L8457789110 moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\***\Desktop\cmd.bat deleted successfully. C:\Users\***\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: *** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 397941 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 35206489 bytes ->Flash cache emptied: 739 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 34,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 12122012_173817 Files\Folders moved on Reboot... File\Folder C:\a11620652cd54cb7a848\bProtectorForWindows\2.1.415.37 not found! File\Folder C:\a11620652cd54cb7a848\bProtectorForWindows not found! File\Folder C:\bcf5bcbe93c4b8bbd8307d4f62\bProtectorForWindows\2.1.415.37 not found! File\Folder C:\bcf5bcbe93c4b8bbd8307d4f62\bProtectorForWindows not found! File\Folder C:\6619f01411349f7fa75024cd067871\bProtectorForWindows\2.1.415.37 not found! File\Folder C:\6619f01411349f7fa75024cd067871\bProtectorForWindows not found! File\Folder C:\2b2569472d675899af924504\bProtectorForWindows\2.1.415.37 not found! File\Folder C:\2b2569472d675899af924504\bProtectorForWindows not found! C:\Windows\temp\MpSigStub.log moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
13.12.2012, 14:33 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ordner "bProtection for Windows" macht was er will Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Ordner "bProtection for Windows" macht was er will |
anmelden, anti-malware, code, datei, desktop, ergebnisse, erstellt, festplatte, gelöscht, gmer, griff, kis, langsam, logfile, malwarebytes, melden, namens, neu, ordner, platte, problem, scannen, speicher, thema, windows |