Pests of all kinds and how to combat them: DownloadNSave creates links on all web pages (Windows 7) |
17.11.2012, 19:05 | #1 |
| Hello, this topic has already been covered here, but it always also says that one should not simply follow those steps, because the procedure can look different for everyone. So here is my description: My PC: HP ProBook 4710 with Microsoft Windows 7 Home Premium Version 6.1.7601 Service Pack 1 Build 7601. My problem: For a few weeks now, individual words on web pages have been appearing as links, under which indecent images (apparently links) open, or the text: "Click to Continue > DownloadNSave". Example: I have not clicked these links yet, and the program is apparently not otherwise malicious, but the links make it hard for me to tell the real ones from the fakes. Judging my own homepage is also difficult with all these changes. At first I suspected Shockwave Flash, because as soon as I disable it the links are gone too, but they probably just use the Flash technology. I went through the three steps that you recommend up front, and here are the results: 1. Defogger seems not to have found anything - there was no error message and defogger_disable.log contains only "d" 2.1. OLT.Txt (attached) 2.2. (OLT) Extras.Txt (attached) 3. GMER.log (attached) I hope that was everything important and that I did it right, and I would be glad if someone can help me. See you soon! Many thanks in advance! Walterle |
19.11.2012, 12:03 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => "Reminder about my thread". Annoying "when will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Quote:
Have you already run any scans with other tools? Is there a log with findings? See => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs that already exist!
__________________ |
19.11.2012, 20:48 | #3 |
| Hello cosinus,
regarding your 1st question: the error only occurs in Firefox (10.0.1); in IE (9.0.11) there is no sign of it (I have no other browsers). 2. I ran scans with the tools that are recommended at the start (Defogger, OTL & GMER), but attached them as a ZIP because the text was too long for the board (error message). I could check whether they fit in individually, if that would be helpful. In addition, I have Norton Internet Security running, but it found nothing. Otherwise I have not done anything yet and have not changed anything on the system. Best regards, Walterle |
19.11.2012, 21:34 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again. 2. TDSS-Killer Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below - click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the "skip" action and only post the log here!
__________________ Please always post log files in CODE tags |
19.11.2012, 22:25 | #5 | ||
| Hello cosinus, I was not aware at all that there is a newer Firefox - but mine really is 10.0.1. I am posting the aswMBR scan here first, and further down the result of TDSS-Killer: Quote:
Quote:
Walterle Edited by Walterle (19.11.2012 at 22:30). Reason: 2nd quote added |
20.11.2012, 09:52 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please use CODE tags and not quote tags for the logs! adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ |
20.11.2012, 18:08 | #7 |
| Hello cosinus, here it is: Code:
Walterle |
20.11.2012, 18:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - remove toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
20.11.2012, 21:16 | #9 |
| Hello cosinus, first the file after deleting with adwCleaner: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 20/11/2012 um 20:40:11 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : *** - ***-NOTEBOOK # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\user.js Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Program Files\SpecialSavings Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Codecv Ordner Gelöscht : C:\ProgramData\InstallMate Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv Ordner Gelöscht : C:\ProgramData\Premium Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit Ordner Gelöscht : C:\Users\***\AppData\Local\Savings Sidekick Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Codecv Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SpecialSavings Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Cr_Installer Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet 
Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4312_6&babsrc=HP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b --> hxxp://www.google.com Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] -\\ Mozilla Firefox v10.0.1 (de) Profilname : default Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\prefs.js C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...] Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=114508&tt=4312_6&babsrc=HP[...] Gelöscht : user_pref("extensions.4f905a5fb08c2.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...] 
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=112477"); Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 22); Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false); Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false); Gelöscht : user_pref("extensions.BabylonToolbar.id", "5e2e6a4a00000000000018a905a1d60b"); Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15452"); Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 22); Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1715:44:09"); Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0"); Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 73662391); Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true); Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1715:44:09"); Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Gelöscht : 
user_pref("extensions.BabylonToolbar_i.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112477"); Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "5e2e6a4a00000000000018a905a1d60b"); Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "5e2e6a4a00000000000018a905a1d60b"); Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15452"); Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114508&tt=431[...] Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:44:09"); Gelöscht : user_pref("extensions.claro.admin", false); Gelöscht : user_pref("extensions.claro.aflt", "babsst"); Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); Gelöscht : user_pref("extensions.claro.dfltLng", "en"); Gelöscht : user_pref("extensions.claro.excTlbr", false); Gelöscht : user_pref("extensions.claro.id", "5e2e6a4a00000000000018a905a1d60b"); Gelöscht : user_pref("extensions.claro.instlDay", "15637"); Gelöscht : user_pref("extensions.claro.instlRef", "sst"); Gelöscht : user_pref("extensions.claro.prdct", "claro"); Gelöscht : user_pref("extensions.claro.prtnrId", "claro"); Gelöscht : user_pref("extensions.claro.tlbrId", "claro"); Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", ""); Gelöscht : 
user_pref("extensions.claro.vrsn", "1.8.3.10"); Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10"); Gelöscht : user_pref("extensions.claro_i.smplGrp", "none"); Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:01:04"); Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114508&tt=4312_7&babsrc=KW_clro&mntrId=[...] ************************* AdwCleaner[R1].txt - [12897 octets] - [20/11/2012 18:03:57] AdwCleaner[S1].txt - [12454 octets] - [20/11/2012 20:40:11] ########## EOF - C:\AdwCleaner[S1].txt - [12515 octets] ########## Code:
ATTFilter OTL logfile created on: 20.11.12 20:48:52 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy 2,97 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,13% Memory free 5,93 Gb Paging File | 4,67 Gb Available in Paging File | 78,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 43,14 Gb Free Space | 44,17% Space Free | Partition Type: NTFS Drive D: | 90,87 Gb Total Space | 69,61 Gb Free Space | 76,61% Space Free | Partition Type: NTFS Drive E: | 90,00 Gb Total Space | 27,58 Gb Free Space | 30,65% Space Free | Partition Type: NTFS Drive F: | 100,84 Gb Total Space | 73,30 Gb Free Space | 72,69% Space Free | Partition Type: NTFS Drive S: | 86,29 Gb Total Space | 63,28 Gb Free Space | 73,33% Space Free | Partition Type: NTFS Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.) 
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Programme\Folder Shield\FSService.exe ()
PRC - C:\Programme\Folder Shield\fsp.exe ()
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\tsnp2std.exe (SONIX)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Windows\System32\emaudsv.exe (E-MU Systems)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll ()
MOD - C:\Programme\NORTON INTERNET SECURITY\ENGINE\20.1.1.2\wincfi39.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.18374__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.18350__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.18446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.18369__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.18360__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.18427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.18360__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.18419__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.18472__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.18470__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.18406__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.18409__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.18377__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.18439__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3503.18363__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3503.18402__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.18383__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.18382__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.18478__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.18344__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.18356__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.18368__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.18465__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.18463__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.18348__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.18347__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.18464__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3503.18346__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.18345__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Folder Shield\fsp.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DragonSvc) -- C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (OS Selector) -- C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (FSService) -- C:\Programme\Folder Shield\FSService.exe ()
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (emaudsv) -- C:\Windows\System32\emaudsv.exe (E-MU Systems)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121119.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121119.022\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121119.022\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1401010.002\SRTSP.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1401010.002\SYMEFA.SYS (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1401010.002\ccSetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1401010.002\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1401010.002\Ironx86.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NIS\1401010.002\SYMNETS.SYS (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1401010.002\SRTSPX.SYS (Symantec Corporation)
DRV - (REN2CAP_DRIVER) -- C:\Windows\System32\drivers\ren2cap.sys ()
DRV - (afcdp) -- C:\Windows\System32\DRIVERS\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\DRIVERS\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\DRIVERS\snapman.sys (Acronis)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (hpdskflt) -- C:\Windows\System32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
DRV - (synasusb) -- C:\Windows\System32\Drivers\synasusb.sys (Steinberg Media Technologies GmbH)
DRV - (htcnprot) -- C:\Windows\System32\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (bxShield) -- C:\Windows\System32\Drivers\bxShield.sys (Alfa Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\DRIVERS\AGRSM.sys (LSI Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (yukonw7) -- C:\Windows\System32\DRIVERS\yk62x86.sys ()
DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\Windows\System32\Drivers\btnetBus.sys ()
DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys (IVT Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\DRIVERS\vwifimp.sys (Microsoft Corporation)
DRV - (5U876UVC) -- C:\Windows\System32\DRIVERS\5U876.sys (Ricoh co.,Ltd.)
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (HpqKbFiltr) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SNP2STD) -- C:\Windows\System32\DRIVERS\snp2sxp.sys ()
DRV - (emusba10) -- C:\Windows\System32\DRIVERS\emusba10.sys (E-MU Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F E2 0E 26 70 6D CC 01 [binary data]
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4312_6&babsrc=SP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: organize-search-engines@maltekraus.de:1.7
FF - prefs.js..extensions.enabledAddons: 4f905a5fb08bc@4f905a5fb08bd.info:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012.11.20 20:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.02 19:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012.07.18 19:36:36 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.20 08:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.16 20:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 13:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M]

[2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.08 17:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions
[2012.07.10 17:41:46 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
[2012.10.31 17:54:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.22 14:46:07 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\4f905a5fb08bc@4f905a5fb08bd.info
[2012.10.02 09:18:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\foxmarks@kei.com
[2012.10.31 13:02:22 | 000,000,000 | ---D | M] (Winstripe Toolbar Icons) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\winstripe@largrizzly
[2012.02.06 19:53:17 | 000,263,348 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2012.03.12 21:59:19 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\organize-search-engines@maltekraus.de.xpi
[2012.10.31 13:02:22 | 000,065,701 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\winstripe@largrizzly.xpi
[2012.07.25 06:09:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.16 18:44:04 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi
[2012.09.13 19:57:33 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.11.07 22:37:24 | 000,001,276 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\ixquick-https---deutsch.xml
[2012.11.07 20:57:04 | 000,002,217 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\s-amazon-de.xml
[2012.11.07 22:37:24 | 000,003,712 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\youtube.xml
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.01.02 19:13:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.07 22:37:24 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.07 22:37:24 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.07 22:37:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.07 22:37:24 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.07 20:57:04 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.07 22:37:24 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Programme\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance
Communications, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation) O4 - HKLM..\Run: [ClocX] C:\Programme\ClocX\ClocX.exe (BonSoft) O4 - HKLM..\Run: [fsp] C:\Programme\Folder Shield\fsp.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [E-MU USB Audio Control Panel] C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\MICROS~2\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {45FE4418-F85F-45F0-BCAA-68C334FA6E08} file:///C:/Users/***/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/AGEphoneGadget.gadget/sipd.ocx (Sipd Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D71AEE-4623-4841-BCCE-C4AE71CF4057}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE4E7D4B-DE9B-47A5-82DE-258588830B07}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | -HS- | M] () - S:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{95355816-d954-11e0-adea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95355816-d954-11e0-adea-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.17 09:46:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.17 09:08:15 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.17 09:08:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.17 09:07:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.17 09:07:22 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.17 09:07:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.17 09:04:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.17 09:04:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.17 09:04:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.17 09:04:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.17 09:04:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.17 09:04:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.17 09:04:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.17 09:04:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.17 09:00:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.17 09:00:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.17 09:00:52 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.17 09:00:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.17 09:00:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.17 09:00:46 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.17 09:00:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 15:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012.11.12 22:19:44 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.11.12 22:19:44 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.11.11 16:37:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\bluesoleil
[2012.11.11 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation
[2012.11.10 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth
[2012.11.09 15:06:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.11.09 15:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.09 15:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.09 15:06:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.09 15:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.07 22:37:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2012.11.07 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DVDVideoSoft_Ltd
[2012.11.07 20:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.07 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.11.07 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.11.07 20:57:07 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.11.07 20:57:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.11.07 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2012.11.06 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Catalog
[2012.11.02 17:35:02 | 000,000,000 | ---D | C] -- C:\tmp
[2012.11.02 12:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Catalog
[2012.11.02 12:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Catalog
[2012.11.02 11:56:45 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.11.02 11:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012.11.02 11:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2012.10.31 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Free
[2012.10.31 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\test01
[2012.10.31 15:02:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\cef_data
[2012.10.31 14:47:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\iSpring Solutions
[2012.10.31 14:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Converter
[2012.10.31 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iSpring Solutions
[2012.10.31 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\iSpring
[2012.10.30 10:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2012.10.30 10:08:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 6
[2012.10.29 19:49:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\VoipCheapCom
[2012.10.29 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.28 18:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.10.28 18:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23Live
[2012.10.28 18:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\No23Live
[2012.10.28 17:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.28 17:28:41 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.28 17:28:41 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.28 17:28:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.28 17:28:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.28 17:28:03 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.28 13:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2012.10.27 21:36:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.10.26 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools
[2012.10.26 15:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTools
[2012.10.26 15:57:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SmartTools
[2012.10.25 18:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\QsDriveInfo
[2012.10.25 07:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Z-Manufaktur
[2012.10.25 07:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z-Cron
[2012.10.25 07:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Z-Cron
[2012.10.24 20:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje Sevenbar
[2012.10.24 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.10.24 11:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
[2012.10.24 11:06:31 | 000,000,000 | ---D | C] -- C:\MP3Toolkit
[2012.10.23 19:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012.10.23 19:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2012.10.23 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ODUI
[2012.10.23 16:35:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Stardock
[2012.10.23 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Stardock
[2012.10.23 16:35:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Stardock
[2012.10.23 16:35:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2012.10.23 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012.10.23 16:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012.10.23 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2012.10.22 19:05:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KeePass
[2012.10.22 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.20 20:50:44 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 20:50:44 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 20:44:32 | 000,005,063 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2012.11.20 20:43:18 | 000,000,931 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2012.11.20 20:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 20:42:55 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 19:17:21 | 000,712,954 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.20 19:17:21 | 000,657,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.20 19:17:21 | 000,153,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.20 19:17:21 | 000,125,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.20 18:00:19 | 000,543,531 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.20 08:46:42 | 001,442,879 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\Cat.DB
[2012.11.20 08:46:12 | 000,013,946 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\VT20121114.016
[2012.11.20 08:44:33 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.11.20 08:44:33 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.11.20 08:44:33 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.11.18 16:20:09 | 000,000,344 | -H-- | M] () -- C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.11.18 16:20:09 | 000,000,344 | -H-- | M] () -- C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.11.17 18:37:06 | 000,000,107 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2012.11.17 10:05:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.17 09:57:14 | 000,413,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 10:01:03 | 000,043,008 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.11 18:25:48 | 000,000,208 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2012.11.11 17:02:50 | 000,003,475 | ---- | M] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2012.11.11 16:44:45 | 000,000,892 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[2012.11.11 16:33:36 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2012.11.11 16:33:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\BSPRINT.INI
[2012.11.10 14:00:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2012.11.08 18:11:59 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.08 18:11:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.06 21:15:34 | 000,595,512 | ---- | M] () -- C:\Users\***\Documents\alle.ac
[2012.11.02 12:39:39 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2012.11.02 11:50:01 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.10.30 12:01:26 | 000,001,212 | ---- | M] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.10.30 11:58:18 | 000,002,685 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.10.30 11:58:11 | 000,002,679 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.10.30 10:15:09 | 000,000,045 | ---- | M] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012.10.29 19:14:04 | 000,001,055 | ---- | M] () -- C:\Users\***\Desktop\KeePass.lnk
[2012.10.28 17:27:55 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.28 17:27:54 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.28 17:27:54 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.28 17:27:54 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.28 17:27:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.28 17:27:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.25 20:38:01 | 000,000,459 | ---- | M] () -- C:\Users\***\AppData\Roaming\Drives Meter_Settings.ini
[2012.10.25 07:26:45 | 000,001,038 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
[2012.10.23 16:35:51 | 000,002,050 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.20 18:00:51 | 000,543,531 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.17 10:05:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.17 09:08:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 09:07:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.11 16:43:30 | 000,000,892 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2012.11.11 16:42:29 | 000,000,208 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2012.11.11 16:40:29 | 000,005,063 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2012.11.11 16:40:27 | 000,000,107 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2012.11.11 16:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2012.11.10 14:00:58 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2012.11.10 14:00:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2012.11.07 20:57:07 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.06 19:52:34 | 000,595,512 | ---- | C] () -- C:\Users\***\Documents\alle.ac
[2012.11.02 11:56:22 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012.10.31 19:07:42 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.10.30 11:59:35 | 000,001,212 | ---- | C] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.10.30 11:57:54 | 000,002,679 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.10.30 11:57:30 | 000,002,685 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.10.27 21:36:20 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.10.25 20:37:28 | 000,000,459 | ---- | C] () -- C:\Users\***\AppData\Roaming\Drives Meter_Settings.ini
[2012.10.25 07:26:44 | 000,001,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
[2012.10.23 16:35:51 | 000,002,050 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012.10.22 19:04:29 | 000,001,055 | ---- | C] () -- C:\Users\***\Desktop\KeePass.lnk
[2012.10.05 21:08:37 | 000,003,475 | ---- | C] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2012.03.08 19:17:51 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2011.10.07 11:48:47 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011.10.07 11:48:46 | 012,067,328 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2011.10.07 11:48:46 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2011.10.07 11:48:45 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2011.10.07 11:48:45 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2011.09.16 18:27:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.09.16 18:19:13 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.09.16 18:09:58 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2011.09.16 18:08:08 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.09.16 18:08:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.09.16 17:28:32 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI
[2011.09.09 12:36:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2011.09.08 13:58:14 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.09.08 13:33:47 | 000,266,126 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.09.08 11:57:37 | 000,043,008 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.07 16:16:26 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011.09.07 14:28:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.11 09:41:08 | 003,181,056 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011.03.07 04:08:32 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.02.15 14:30:10 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 344 bytes -> C:\ProgramData:iSpring Converter 6
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17

< End of report >

Code:
OTL Extras logfile created on: 20.11.12 20:48:52 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy

2,97 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,13% Memory free
5,93 Gb Paging File | 4,67 Gb Available in Paging File | 78,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 43,14 Gb Free Space | 44,17% Space Free | Partition Type: NTFS
Drive D: | 90,87 Gb Total Space | 69,61 Gb Free Space | 76,61% Space Free | Partition Type: NTFS
Drive E: | 90,00 Gb Total Space | 27,58 Gb Free Space | 30,65% Space Free | Partition Type: NTFS
Drive F: | 100,84 Gb Total Space | 73,30 Gb Free Space | 72,69% Space Free | Partition Type: NTFS
Drive S: | 86,29 Gb Total Space | 63,28 Gb Free Space | 73,33% Space Free | Partition Type: NTFS

Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0616E526-C631-4A67-8B7A-E5E788BB508E}" = lport=2869 | protocol=6 | dir=in | app=system | "{0B288524-F54C-4277-934C-B88713971AA7}" = rport=138 | protocol=17 | dir=out | app=system | "{0B687A92-E6FC-4BCB-AE29-281D01D58520}" = lport=rpc | protocol=6 | dir=in | svc=spooler 
| app=%systemroot%\system32\spoolsv.exe | "{29CA6D84-546A-4CCA-8043-434BEB7FCD06}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{2B0B28CE-2C56-46DB-9A34-4AF0B05DDEE2}" = lport=138 | protocol=17 | dir=in | app=system | "{319802FD-56C5-4481-9BAF-B5A746B0C04C}" = rport=137 | protocol=17 | dir=out | app=system | "{43E4B403-5834-4E1A-9FFC-30732C0B21C2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{5121BE17-C5E2-48E2-BB8A-A7033A1729B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{51C758B6-7D53-4A93-9F3A-6F4FB64012AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DC02D63-E73C-44F9-BE8B-A12F3928B996}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6855C7EC-0FD8-443A-965D-4269D9D4C0DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{80028D11-C30E-4FD6-A270-1843E411BD78}" = lport=445 | protocol=6 | dir=in | app=system | "{805CFF84-D850-4C33-8082-AACBD3989ED5}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | "{87473261-8281-4A52-89D6-3E7504041784}" = rport=139 | protocol=6 | dir=out | app=system | "{9C1E467E-657F-431B-AB31-032FF8367C89}" = rport=445 | protocol=6 | dir=out | app=system | "{AF72C89B-8F2B-4786-80CF-2CD6A820BFAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C47C6859-5B45-4908-8234-BFCD6DB17F4F}" = lport=10243 | protocol=6 | dir=in | app=system | "{C7C2BC88-D6FA-4A7E-82A1-540B7152EC8E}" = rport=10243 | protocol=6 | dir=out | app=system | "{CB62A167-FCE8-4DE9-BE42-084FAB8C2837}" = lport=137 | protocol=17 | dir=in | app=system | "{CB992B7C-A5CE-4885-92BB-69B294BE2591}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E72351F9-863B-4EA7-954C-01B4DBBFB9F5}" = lport=139 | protocol=6 | dir=in | app=system | "{EBA9079E-4EA4-416C-977E-322DED27D5E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EEE42C07-145A-4C3C-9F08-2DF6AF5E8C6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF05DBB7-5966-4A50-B6B8-FBAB30DF83D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D30FE61-E2D5-43E8-8D0C-64ADF0B0D3B2}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | "{0F62EFF3-F25C-458C-8CD1-F4D7EEE26FE0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1148DCF2-17ED-4CF9-A718-7C8DCAF4D70B}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | "{11FBA8D8-BCB6-4FA0-9B4A-E2D74F631FB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{128BC5AF-5083-458E-A183-8674019F61FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1477C25C-9435-45FD-A426-0F143D0972AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{159F367F-A362-4BAB-9EB4-14A1D088F4CF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{1C40ED13-9BED-4396-8842-938C6CCAF703}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{2C94EFF8-3104-4937-859E-3AEC6D474995}" = dir=in | app=c:\program files\itunes\itunes.exe | "{40AD6449-1BA5-41F1-92D9-1819B1326ACA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{44DCF29B-D4C6-40F9-98C9-4D8A98451348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49A11033-BBED-4D64-8A8F-78011E31F86B}" = dir=in | app=c:\program files\hp\digital imaging\smart web 
printing\smartwebprintexe.exe | "{4A8C5F3E-C7F5-413B-B9CF-A71B24C34AA2}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | "{4B93733D-480E-4101-AFFF-8E9830D6B453}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{59BCAA14-AA03-4DC8-B28B-CF51A214FE95}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5B6118B6-3FA4-4825-A362-8CD35BB04B7A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{5EF6A497-0570-4FAB-8567-AC5D6BF36F52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{64E546B5-D400-4569-922D-44576BDBE08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6522107C-DA95-44DA-9921-8A3D68AC114E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{67A1FF9A-4A43-4BB5-AD30-E162127A15C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{6905BBCF-34F0-4CE9-83BF-F9CBBD7FE915}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6EB87608-B903-442A-B7E1-F1E6753DCE9D}" = protocol=6 | dir=out | app=system | "{768C9BFC-1E0F-4C2A-B017-38A8F069465C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{83F62607-385D-4CAD-B1D0-5C4A215B6921}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8CDBF70D-5208-4233-B0D8-5D8ECE271E71}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | "{8FB9017E-A34E-4BBA-97B4-F3BB2EA251DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9C0FEB8A-9009-4B02-9758-676FD4A8AB31}" = dir=in | app=g:\setup\hpznui01.exe | "{9D860E84-F701-486C-A8E1-16FE8ACF726D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{A0DFD739-2B65-4C13-955B-738612069886}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A1E9F298-9E22-4888-8D7C-3DE1C2A45296}" = 
protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AA8BB77E-5C1C-46DE-A846-2C007F1AE432}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{B1E6F5F7-7DD0-4134-90B5-56DBC2D687A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B528C05A-54FF-4BC8-9C7F-2B1B3C6903D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B6388334-2183-45C1-A612-276D0AB22B60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B88E2BBF-260C-4E0F-B8D2-723F140FBF86}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BBD7F6EF-22C1-4FE6-9F4F-755A1BB0CC4D}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | "{BC60120B-F08F-43CD-BE6E-555B230AEA08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C0B5902A-4B07-4228-BD6C-45004FDCD471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{C720647C-A19F-43D0-91E5-85D4B94A8F8A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | "{D4DBAC9B-1862-4FB8-AEDC-A61403F9A186}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{DF974FF8-9E0E-4DAE-A0BE-4A460A38F9AD}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{E11E79C8-D037-433D-955A-F4287993CE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E84B337E-8A01-4D6A-9C5D-F0AE45449200}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{EC55E450-8990-41E5-A4CA-CDCA1090548C}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{F340909E-8A79-495F-81F7-E994EB49C279}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{F5393D03-D19C-43B4-A983-855AD75708F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F54D7530-BE57-4C54-A594-16966CFFE86C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{F79F6054-3CC6-423D-9D3F-8E7BE89A658A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{F7F91E2D-24C6-490D-96F3-6D0DC9B4641B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FD8A4587-22AC-4DC8-A285-3C87E600F08F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{A0D62E6E-C4FA-4E86-BED4-B44EDF5A7AC9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{CBF1E633-7F35-48FB-B050-8EE210BC5404}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{069F0828-F359-3DF0-B58E-39C23176F9B8}" = Microsoft .NET Framework 4.5 DEU Language Pack RC "{06E34C00-0446-4176-81C8-A5DAFE53CA36}" = Acronis*Disk*Director*11*Home "{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese "{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All "{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1C99893D-BC98-4456-AA3E-B67AB42301A6}" = E-MU USB Audio "{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{25887983-54F3-4F55-A7C5-91229AD67C16}" = Bluesoleil 5.4.277.0 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free "{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai "{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7 "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian "{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1" = Hear "{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean "{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light "{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian "{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing 
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{594A6CDC-27E8-4E2D-BCD3-CC8B95A4351E}" = iSpring Free 6 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English "{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6A1482E0-7119-4A66-BBF1-FFD95A6BA16C}" = No23Live "{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E6A29D1-16FA-49CB-9262-17052F5AFE01}" = GMinder "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional "{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0 "{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set 
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01 "{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 
(SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack RC "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-1148-0407-0000-0000000FF1CE}" = Microsoft Office Web Apps Browser Plugin "{9624502C-3D39-41A0-8917-858EC16769CE}" = KORG M1 Le "{982F1EE0-C5C1-43F3-8355-E64A8D0F465A}" = NetObjects Fusion 11.0 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2FF231-AE68-4DB1-8003-5745D895388B}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 "{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian "{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New "{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content "{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12 "{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static "{A669A70D-2E2C-37D5-A025-E1CB61F2CC96}" = Microsoft .NET Framework 4.5 RC "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}" = Lexware zeitmanagement 2011 "{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.30.110.0 "{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch "{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6200FF8-999D-4C58-9047-08D2E065BDBB}" = Steinberg Cubase 6 "{C9A41E0E-74F0-4984-B1BC-FBEA2C982F1F}" = StarMoney 8.0 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CF3F421E-E735-48B5-A228-37CC53AF035B}" = iSpring Converter 6 "{D218EA3E-E9E6-4BB3-BA85-5B091058332D}" = klickTel Routenplaner Deutschland und Europa 2009 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set 
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12 "{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D83A3BAA-8450-48DA-96F9-EF8BEF386768}" = GPS-Mate für Windows V2.4.7 "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump "{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs "{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech "{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive "{EF7800A8-575E-4776-95A5-A9D904A85D5F}" = Steinberg HALion Sonic SE "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0 "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney "{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}" = Z-Cron "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 
11 Plugin "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 2.0.2 "AudibleDownloadManager" = Audible Download Manager "AudibleManager" = AudibleManager "Audio Catalog_is1" = Audio Catalog 4.4 "BackUp Maker_is1" = BackUp Maker v6.3 "ClocX" = ClocX (1.5b2) "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "Der Mondkalender" = Der Mondkalender "DesktopIconAmazon" = Desktop Icon für Amazon "DivX Setup" = DivX-Setup "eLicenser Control" = eLicenser Control "FileZilla Client" = FileZilla Client 3.5.3 "Folder Shield" = Folder Shield 2.0.2.0 "Foxit Reader" = Foxit Reader "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.27.1031 "FreeCommander_is1" = FreeCommander 2009.02b "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "Kalender-Excel-8.8_is1" = Kalender-Excel-8.8 "KeePass Password Safe_is1" = KeePass Password Safe 1.24 "LAME_is1" = LAME v3.99.3 (for Windows) "LSI Soft Modem" = LSI HDA Modem "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Marvell Miniport Driver" = Marvell Miniport Driver "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP3 Toolkit_is1" = MP3 Toolkit 1.0.4 "MPE" = MyPhoneExplorer "Newsletter Software SuperMailer_is1" = SuperMailer 6.01 "NIS" = Norton Internet Security "No23Live" = No23Live "ObjectDock Free" = ObjectDock Free "PhotoFactory" = PhotoFactory "PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.2 "Picasa 3" = Picasa 3 "PROR" = Microsoft Office Professional 2007 "RocketDock_is1" = RocketDock 1.3.5 "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "SmartToolsMini-Kalenderv2.00" = SmartTools Publishing • Word Mini-Kalender "SuperMailer_is1" = SuperMailer 5.72 "Synchredible_is1" = Synchredible v3.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2011" = TuneUp Utilities 2011 "VLC media player" = VLC media player 2.0.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.07.12 14:44:19 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". 
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:44:39 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:44:45 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:44:48 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:45:30 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll" in Zeile 8. 
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.07.12 16:44:06 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.6661.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d68 Startzeit: 01cd652548129423 Endzeit: 0 Anwendungspfad: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: 368deefe-d119-11e1-9f14-002713cd2d73 Error - 22.07.12 05:01:02 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 10.0.1.4421, Zeitstempel: 0x4f32aa55 Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fe21212 Ausnahmecode: 0xc0000005 Fehleroffset: 0x65619973 ID des fehlerhaften Prozesses: 0x138c Startzeit der fehlerhaften Anwendung: 0x01cd67e6cac64db5 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll Berichtskennung: c2ac46a2-d3db-11e1-a2e4-002713cd2d73 Error - 29.07.12 15:16:03 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 14.0.0.4577, Zeitstempel: 0x5000a8e8 Name des fehlerhaften Moduls: xul.dll, Version: 14.0.0.4577, Zeitstempel: 0x5000a816 Ausnahmecode: 0xc0000005 Fehleroffset: 0x008f5a53 ID des fehlerhaften Prozesses: 0xe9c Startzeit der fehlerhaften Anwendung: 0x01cd6dbd76ee7620 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll Berichtskennung: d6414060-d9b1-11e1-a237-002713cd2d73 Error - 08.08.12 14:55:01 | Computer Name = ***-Notebook | Source = Application 
Hang | ID = 1002 Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1198 Startzeit: 01cd7582db48e424 Endzeit: 15 Anwendungspfad: C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe Berichts-ID: Error - 08.08.12 15:01:04 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd8 Startzeit: 01cd759757fc0fcb Endzeit: 23 Anwendungspfad: C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe Berichts-ID: 6180e4df-e18b-11e1-a276-002713cd2d73 Error - 08.08.12 16:46:02 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1448 Startzeit: 01cd75982bd9c876 Endzeit: 47 Anwendungspfad: C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe Berichts-ID: [ OSession Events ] Error - 20.05.12 15:36:40 | Computer Name = ***-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 370 seconds with 120 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 20.11.12 14:17:43 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7030 Description = Der Dienst "TomTomHOMEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 20.11.12 14:52:21 | Computer Name = ***-Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 20.11.12 14:52:22 | Computer Name = ***-Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 20.11.12 14:52:23 | Computer Name = ***-Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 20.11.12 15:43:03 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 20.11.12 15:43:03 | Computer Name = ***-Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 20.11.12 15:43:08 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%87 Error - 20.11.12 15:43:12 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701 Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht registriert werden. Zusätzliche Daten: Fehlerwert: 2147942487 Error - 20.11.12 15:43:12 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701 Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht registriert werden. 
Zusätzliche Daten: Fehlerwert: 2147942487 Error - 20.11.12 15:47:40 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > Walterle |
20.11.2012, 21:27 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | DownloadNSave creates links on all websites Close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have masked your user name, you must change the asterisked part back to your real user name, otherwise the script will not work!! Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4312_6&babsrc=SP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012.11.11 16:33:36 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2012.11.10 14:00:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
@Alternate Data Stream - 344 bytes -> C:\ProgramData:iSpring Converter 6
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
20.11.2012, 21:54 | #11 |
| DownloadNSave creates links on all websites Hello cosinus, this is what the log file looks like after the fix: Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\0 moved successfully.
C:\Windows\System32\0 moved successfully.
C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c moved successfully.
C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c moved successfully.
ADS C:\ProgramData:iSpring Converter 6 deleted successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
ADS C:\ProgramData\TEMP:BC359956 deleted successfully.
ADS C:\ProgramData\TEMP:0E08FC17 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 503376232 bytes
->Temporary Internet Files folder emptied: 368417439 bytes
->Java cache emptied: 1153488 bytes
->FireFox cache emptied: 73033343 bytes
->Flash cache emptied: 120358 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19820141 bytes
RecycleBin emptied: 807619328 bytes
Total Files Cleaned = 1.691,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 11202012_214559
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Walterle

Hello cosinus, maybe it doesn't mean anything (yet), but so far nothing has changed. This picture is from this morning: Regards, Walterle |
21.11.2012, 11:00 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | DownloadNSave creates links on all websites A check run with OTL, please:
__________________ Please always post log files in CODE tags |
21.11.2012, 14:51 | #13 |
| DownloadNSave creates links on all websites Hello, here is the OTL.txt: Code:
ATTFilter OTL logfile created on: 21.11.12 14:15:20 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy 2,97 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,79% Memory free 5,93 Gb Paging File | 3,99 Gb Available in Paging File | 67,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 42,98 Gb Free Space | 44,01% Space Free | Partition Type: NTFS Drive D: | 90,87 Gb Total Space | 69,61 Gb Free Space | 76,61% Space Free | Partition Type: NTFS Drive E: | 90,00 Gb Total Space | 28,33 Gb Free Space | 31,48% Space Free | Partition Type: NTFS Drive F: | 100,84 Gb Total Space | 73,30 Gb Free Space | 72,69% Space Free | Partition Type: NTFS Drive S: | 86,29 Gb Total Space | 63,28 Gb Free Space | 73,33% Space Free | Partition Type: NTFS Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation) PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.) 
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe () PRC - C:\Programme\Folder Shield\FSService.exe () PRC - C:\Programme\Folder Shield\fsp.exe () PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation) PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation) PRC - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\tsnp2std.exe (SONIX) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) PRC - C:\Windows\System32\emaudsv.exe (E-MU Systems) PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Modules (No Company Name) ========== MOD - c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll () MOD - C:\Programme\NORTON INTERNET SECURITY\ENGINE\20.1.1.2\wincfi39.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation) SRV - 
(MCLIENT) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (DragonSvc) -- C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (OS Selector) -- C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe () SRV - (FSService) -- C:\Programme\Folder Shield\FSService.exe () SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation) SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation) SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (emaudsv) -- C:\Windows\System32\emaudsv.exe (E-MU Systems) SRV - 
(AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SymEvent) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121120.001\IDSvix86.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121120.022\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121120.022\NAVENG.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1402000.013\SYMEFA.SYS (Symantec Corporation) DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1402000.013\SYMDS.SYS (Symantec Corporation) DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1402000.013\ccSetx86.sys (Symantec Corporation) DRV - (ccSet_MCLIENT) -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1402000.013\Ironx86.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1401010.002\SRTSP.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (SymNetS) -- C:\Windows\System32\Drivers\NIS\1401010.002\SYMNETS.SYS (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1402000.013\SRTSPX.SYS (Symantec 
Corporation) DRV - (REN2CAP_DRIVER) -- C:\Windows\System32\drivers\ren2cap.sys () DRV - (afcdp) -- C:\Windows\System32\DRIVERS\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\DRIVERS\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\DRIVERS\snapman.sys (Acronis) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (hpdskflt) -- C:\Windows\System32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company) DRV - (Accelerometer) -- C:\Windows\System32\DRIVERS\Accelerometer.sys (Hewlett-Packard Company) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation) DRV - (synasusb) -- C:\Windows\System32\Drivers\synasusb.sys (Steinberg Media Technologies GmbH) DRV - (htcnprot) -- C:\Windows\System32\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (bxShield) -- C:\Windows\System32\Drivers\bxShield.sys (Alfa Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\DRIVERS\AGRSM.sys (LSI Corporation) DRV - (NETw5s32) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation) DRV - (HTCAND32) -- C:\Windows\System32\Drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (yukonw7) -- C:\Windows\System32\DRIVERS\yk62x86.sys () DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys (IVT Corporation.) DRV - (btnetBUs) -- C:\Windows\System32\Drivers\btnetBus.sys () DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys (IVT Corporation.) DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys (IVT Corporation.) DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.) 
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\DRIVERS\WSDPrint.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\DRIVERS\vwifimp.sys (Microsoft Corporation) DRV - (5U876UVC) -- C:\Windows\System32\DRIVERS\5U876.sys (Ricoh co.,Ltd.) DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys (IVT Corporation.) DRV - (KMWDFILTERx86) -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (HpqKbFiltr) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (SNP2STD) -- C:\Windows\System32\DRIVERS\snp2sxp.sys () DRV - (emusba10) -- C:\Windows\System32\DRIVERS\emusba10.sys (E-MU Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - 
HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F E2 0E 26 70 6D CC 01 [binary data] IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: organize-search-engines@maltekraus.de:1.7 FF - prefs.js..extensions.enabledAddons: 4f905a5fb08bc@4f905a5fb08bd.info:1.0 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012.11.21 09:59:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.02 19:13:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012.07.18 19:36:36 | 000,136,026 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.20 08:49:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.16 20:13:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 13:07:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: 
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\extension@preispilot.com FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\firejump@firejump.net FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M] [2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.08 17:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions [2012.07.10 17:41:46 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66} [2012.10.31 17:54:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.04.22 14:46:07 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\4f905a5fb08bc@4f905a5fb08bd.info [2012.10.02 09:18:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\foxmarks@kei.com [2012.10.31 13:02:22 | 
000,000,000 | ---D | M] (Winstripe Toolbar Icons) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\winstripe@largrizzly [2012.02.06 19:53:17 | 000,263,348 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\langpack-de@firefox.mozilla.org.xpi [2012.03.12 21:59:19 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\organize-search-engines@maltekraus.de.xpi [2012.10.31 13:02:22 | 000,065,701 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\winstripe@largrizzly.xpi [2012.07.25 06:09:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.11.16 18:44:04 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi [2012.09.13 19:57:33 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.11.07 22:37:24 | 000,001,276 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\ixquick-https---deutsch.xml [2012.11.07 20:57:04 | 000,002,217 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\s-amazon-de.xml [2012.11.07 22:37:24 | 000,003,712 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\youtube.xml [2012.09.13 13:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions [2012.09.13 13:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\mozilla 
"{F54D7530-BE57-4C54-A594-16966CFFE86C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{F79F6054-3CC6-423D-9D3F-8E7BE89A658A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{F7F91E2D-24C6-490D-96F3-6D0DC9B4641B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FD8A4587-22AC-4DC8-A285-3C87E600F08F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{A0D62E6E-C4FA-4E86-BED4-B44EDF5A7AC9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{CBF1E633-7F35-48FB-B050-8EE210BC5404}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{069F0828-F359-3DF0-B58E-39C23176F9B8}" = Microsoft .NET Framework 4.5 DEU Language Pack RC "{06E34C00-0446-4176-81C8-A5DAFE53CA36}" = Acronis*Disk*Director*11*Home "{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese "{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All "{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1C99893D-BC98-4456-AA3E-B67AB42301A6}" = E-MU USB Audio "{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{25887983-54F3-4F55-A7C5-91229AD67C16}" = Bluesoleil 5.4.277.0 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free "{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai "{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7 "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian "{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1" = Hear "{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean "{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light "{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian "{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing 
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{594A6CDC-27E8-4E2D-BCD3-CC8B95A4351E}" = iSpring Free 6 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English "{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6A1482E0-7119-4A66-BBF1-FFD95A6BA16C}" = No23Live "{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E6A29D1-16FA-49CB-9262-17052F5AFE01}" = GMinder "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional "{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0 "{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set 
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01 "{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 
(SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack RC "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-1148-0407-0000-0000000FF1CE}" = Microsoft Office Web Apps Browser Plugin "{9624502C-3D39-41A0-8917-858EC16769CE}" = KORG M1 Le "{982F1EE0-C5C1-43F3-8355-E64A8D0F465A}" = NetObjects Fusion 11.0 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2FF231-AE68-4DB1-8003-5745D895388B}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 "{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian "{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New "{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content "{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12 "{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static "{A669A70D-2E2C-37D5-A025-E1CB61F2CC96}" = Microsoft .NET Framework 4.5 RC "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}" = Lexware zeitmanagement 2011 "{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.30.110.0 "{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch "{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6200FF8-999D-4C58-9047-08D2E065BDBB}" = Steinberg Cubase 6 "{C9A41E0E-74F0-4984-B1BC-FBEA2C982F1F}" = StarMoney 8.0 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CF3F421E-E735-48B5-A228-37CC53AF035B}" = iSpring Converter 6 "{D218EA3E-E9E6-4BB3-BA85-5B091058332D}" = klickTel Routenplaner Deutschland und Europa 2009 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set 
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12 "{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D83A3BAA-8450-48DA-96F9-EF8BEF386768}" = GPS-Mate für Windows V2.4.7 "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump "{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs "{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech "{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive "{EF7800A8-575E-4776-95A5-A9D904A85D5F}" = Steinberg HALion Sonic SE "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0 "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney "{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}" = Z-Cron "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 
11 Plugin "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 2.0.2 "AudibleDownloadManager" = Audible Download Manager "AudibleManager" = AudibleManager "Audio Catalog_is1" = Audio Catalog 4.4 "BackUp Maker_is1" = BackUp Maker v6.3 "ClocX" = ClocX (1.5b2) "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "Der Mondkalender" = Der Mondkalender "DesktopIconAmazon" = Desktop Icon für Amazon "DivX Setup" = DivX-Setup "eLicenser Control" = eLicenser Control "FileZilla Client" = FileZilla Client 3.5.3 "Folder Shield" = Folder Shield 2.0.2.0 "Foxit Reader" = Foxit Reader "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.27.1031 "FreeCommander_is1" = FreeCommander 2009.02b "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "Kalender-Excel-8.8_is1" = Kalender-Excel-8.8 "KeePass Password Safe_is1" = KeePass Password Safe 1.24 "LAME_is1" = LAME v3.99.3 (for Windows) "LSI Soft Modem" = LSI HDA Modem "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Marvell Miniport Driver" = Marvell Miniport Driver "MCLIENT" = Norton Management "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP3 Toolkit_is1" = MP3 Toolkit 1.0.4 "MPE" = MyPhoneExplorer "Newsletter Software SuperMailer_is1" = SuperMailer 6.01 "NIS" = Norton Internet Security "No23Live" = No23Live "ObjectDock Free" = ObjectDock Free "PhotoFactory" = PhotoFactory "PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.2 "Picasa 3" = Picasa 3 "PROR" = Microsoft Office Professional 2007 "RocketDock_is1" = RocketDock 1.3.5 "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "SmartToolsMini-Kalenderv2.00" = SmartTools Publishing • Word Mini-Kalender "SuperMailer_is1" = SuperMailer 5.72 "Synchredible_is1" = Synchredible v3.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2011" = TuneUp Utilities 2011 "VLC media player" = VLC media player 2.0.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.07.12 14:44:19 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". 
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:44:39 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:44:45 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:44:48 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.07.12 14:45:30 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll" in Zeile 8. 
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.07.12 16:44:06 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.6661.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d68 Startzeit: 01cd652548129423 Endzeit: 0 Anwendungspfad: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: 368deefe-d119-11e1-9f14-002713cd2d73 Error - 22.07.12 05:01:02 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 10.0.1.4421, Zeitstempel: 0x4f32aa55 Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fe21212 Ausnahmecode: 0xc0000005 Fehleroffset: 0x65619973 ID des fehlerhaften Prozesses: 0x138c Startzeit der fehlerhaften Anwendung: 0x01cd67e6cac64db5 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll Berichtskennung: c2ac46a2-d3db-11e1-a2e4-002713cd2d73 Error - 29.07.12 15:16:03 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 14.0.0.4577, Zeitstempel: 0x5000a8e8 Name des fehlerhaften Moduls: xul.dll, Version: 14.0.0.4577, Zeitstempel: 0x5000a816 Ausnahmecode: 0xc0000005 Fehleroffset: 0x008f5a53 ID des fehlerhaften Prozesses: 0xe9c Startzeit der fehlerhaften Anwendung: 0x01cd6dbd76ee7620 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll Berichtskennung: d6414060-d9b1-11e1-a237-002713cd2d73 Error - 08.08.12 14:55:01 | Computer Name = ***-Notebook | Source = Application 
Hang | ID = 1002 Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1198 Startzeit: 01cd7582db48e424 Endzeit: 15 Anwendungspfad: C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe Berichts-ID: Error - 08.08.12 15:01:04 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd8 Startzeit: 01cd759757fc0fcb Endzeit: 23 Anwendungspfad: C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe Berichts-ID: 6180e4df-e18b-11e1-a276-002713cd2d73 Error - 08.08.12 16:46:02 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1448 Startzeit: 01cd75982bd9c876 Endzeit: 47 Anwendungspfad: C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe Berichts-ID: [ OSession Events ] Error - 20.05.12 15:36:40 | Computer Name = ***-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 370 seconds with 120 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 21.11.12 04:56:17 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21.11.12 04:56:17 | Computer Name = ***-Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 21.11.12 04:56:17 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%87 Error - 21.11.12 04:56:21 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701 Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht registriert werden. Zusätzliche Daten: Fehlerwert: 2147942487 Error - 21.11.12 04:56:21 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701 Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht registriert werden. 
Zusätzliche Daten: Fehlerwert: 2147942487 Error - 21.11.12 04:57:15 | Computer Name = ***-Notebook | Source = DCOM | ID = 10010 Description = Error - 21.11.12 04:57:16 | Computer Name = ***-Notebook | Source = WMPNetworkSvc | ID = 866300 Description = Error - 21.11.12 04:57:16 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 21.11.12 09:21:43 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 21.11.12 09:28:56 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > Gruß Walterle |
21.11.2012, 16:34 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | DownloadNSave creates links on all websites Hm, that looks fairly unremarkable. Create a new profile and test => Creating and deleting Firefox profiles | Firefox Help
__________________ Please always post log files in CODE tags |
21.11.2012, 17:23 | #15 |
| DownloadNSave creates links on all websites Hello cusinus, that was a good approach: in the old profile the old problem is there, in the new one there is no sign of it. But what does that tell us? Simply create a new profile, and everything is fine? Regards, Walterle |