| Baltazar | 17.11.2012 00:14 |
log adwcleaner Code:
# AdwCleaner v2.007 - Datei am 16/11/2012 um 23:39:50 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : M - M-A
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\M\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\M\AppData\RoaMing\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\M\AppData\RoaMing\Mozilla\Firefox\Profiles\xfvkuzgp.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1406 octets] - [16/11/2012 23:38:00]
AdwCleaner[S1].txt - [1339 octets] - [16/11/2012 23:39:50]
########## EOF - C:\AdwCleaner[S1].txt - [1399 octets] ##########
OTL
OTL Logfile: Code:
OTL logfile created on: 16.11.2012 23:47:35 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,47 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 51,89% Memory free
4,93 Gb Paging File | 3,42 Gb Available in Paging File | 69,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 11,53 Gb Free Space | 8,01% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 8,54 Gb Free Space | 6,08% Space Free | Partition Type: NTFS
Computer Name: M-A | User Name: M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\M\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\M\AppData\Local\Apps\2.0\59A6CLA7.5DD\MLTYHMRM.XAC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Windows\System32\PSIService.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\M\AppData\Local\Apps\2.0\59A6CLA7.5DD\MLTYHMRM.XAC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MOBKbackup) -- C:\Programme\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys File not found
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (McPvDrv) -- C:\Windows\System32\drivers\McPvDrv.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ArcSec) -- C:\Windows\System32\drivers\ArcSec.sys ()
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 6A 7E 1A 6A B4 CD 01 [binary data]
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\SearchScopes\{BB93CF59-A42C-4699-8E06-749ADE23418B}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.11.07 19:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.07 19:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.11.07 20:31:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.07 19:47:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.02.02 22:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\mozilla\Extensions
[2012.02.02 22:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.23 17:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\mozilla\Firefox\Profiles\xfvkuzgp.default\extensions
[2012.11.07 19:49:00 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\M\AppData\Roaming\mozilla\Firefox\Profiles\xfvkuzgp.default\extensions\fb_add_on@avm.de
[2012.08.29 21:07:47 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\M\AppData\Roaming\mozilla\firefox\profiles\xfvkuzgp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.01.18 23:32:41 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\M\AppData\Roaming\mozilla\firefox\profiles\xfvkuzgp.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.10.27 21:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 21:22:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.05 20:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 20:10:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.05 20:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.05 20:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.05 20:10:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.05 20:10:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001..\Run: [AVMUSBFernanschluss] C:\Users\M\AppData\Local\Apps\2.0\59A6CLA7.5DD\MLTYHMRM.XAC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.7.20.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61EE6ADE-D091-4F01-8EC2-4567265193DE}: DhcpNameServer = 10.7.20.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE9A0C4-0FFB-4698-9D9E-18B95A3E8476}: DhcpNameServer = 10.7.20.3
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24347878-b25b-11e1-93a7-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{24347878-b25b-11e1-93a7-001eec54080e}\Shell\AutoRun\command - "" = J:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{24347887-b25b-11e1-93a7-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{24347887-b25b-11e1-93a7-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{24347889-b25b-11e1-93a7-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{24347889-b25b-11e1-93a7-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{54d7ca0d-adae-11e1-af4c-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{54d7ca0d-adae-11e1-af4c-001eec54080e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{54d7ca0f-adae-11e1-af4c-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{54d7ca0f-adae-11e1-af4c-001eec54080e}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{96bb23ec-6314-11e1-a758-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{96bb23ec-6314-11e1-a758-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{96bb23ee-6314-11e1-a758-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{96bb23ee-6314-11e1-a758-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{96bb245d-6314-11e1-a758-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{96bb245d-6314-11e1-a758-001eec54080e}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a5bc630a-6175-11e1-97ee-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5bc630a-6175-11e1-97ee-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ca4ae027-6311-11e1-bd69-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{ca4ae027-6311-11e1-bd69-001eec54080e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fc904898-4229-11e1-bfd5-001eec54080e}\Shell - "" = AutoRun
O33 - MountPoints2\{fc904898-4229-11e1-bfd5-001eec54080e}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.16 22:52:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\M\Desktop\tdsskiller.exe
[2012.11.16 20:18:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\M\Desktop\aswMBR.exe
[2012.11.15 18:41:51 | 000,526,800 | ---- | C] (McAfee, Inc.) -- C:\Users\M\Desktop\MVTInstaller.exe
[2012.11.07 17:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\2CB5E81483702AAC00002CB5BB602C10
[2012.11.05 18:20:33 | 000,000,000 | R--D | C] -- C:\Users\M\Desktop\nokia
[2012.10.27 21:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.24 20:01:39 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Local\SKIDROW
[2012.10.24 20:01:39 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\DarknessII
[2012.10.24 19:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.10.22 18:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.22 18:47:40 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.22 18:47:40 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.22 18:47:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.22 18:47:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.22 18:47:13 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.22 18:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.10.21 20:44:09 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\Malwarebytes
[2012.10.21 20:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.21 20:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.21 20:43:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.21 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.21 20:41:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\M\Desktop\mbam-setup.exe
[2012.10.21 17:27:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\M\Desktop\OTL.exe
[2012.10.21 16:19:56 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.10.21 16:19:56 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.10.21 15:29:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.10.21 15:29:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.10.21 15:29:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.10.21 15:29:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.10.21 15:29:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.10.21 15:29:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.10.21 15:29:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.10.21 15:29:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.10.21 15:20:26 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.10.21 15:20:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.21 15:19:37 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.10.21 15:19:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.10.21 15:19:31 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.10.21 15:18:19 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.21 15:18:19 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.21 15:18:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.21 15:18:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.21 15:18:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.21 15:18:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.21 15:18:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.21 15:18:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.21 15:18:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.21 15:18:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.21 15:18:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.21 15:18:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.21 15:18:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.21 15:18:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.21 15:18:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.21 15:18:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.21 15:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.21 15:18:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.21 15:17:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.10.21 15:17:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.10.21 15:12:36 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.21 15:12:36 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.21 15:12:27 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.10.21 15:12:05 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.10.18 18:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\stabwfcjxvfpbhg
========== Files - Modified Within 30 Days ==========
[2012.11.16 23:50:32 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.16 23:50:32 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.16 23:42:04 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.11.16 23:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.16 23:41:47 | 1986,859,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.16 23:37:12 | 000,541,569 | ---- | M] () -- C:\Users\M\Desktop\adwcleaner.exe
[2012.11.16 23:30:32 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.11.16 22:52:41 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\M\Desktop\tdsskiller.exe
[2012.11.16 22:50:47 | 000,000,512 | ---- | M] () -- C:\Users\M\Desktop\MBR.dat
[2012.11.16 20:18:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\M\Desktop\aswMBR.exe
[2012.11.15 23:04:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 23:04:04 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 23:04:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 23:04:04 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 18:41:51 | 000,526,800 | ---- | M] (McAfee, Inc.) -- C:\Users\M\Desktop\MVTInstaller.exe
[2012.11.15 01:08:42 | 000,270,485 | ---- | M] () -- C:\Users\M\Desktop\Image3.jpg
[2012.11.10 20:04:13 | 000,597,473 | ---- | M] () -- C:\Users\M\Desktop\OTL.rar
[2012.11.08 20:45:57 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.07 20:58:07 | 000,302,592 | ---- | M] () -- C:\Users\M\Desktop\lf61ovol.exe
[2012.11.07 20:37:04 | 000,000,156 | ---- | M] () -- C:\Users\M\defogger_reenable
[2012.11.07 20:36:17 | 000,050,477 | ---- | M] () -- C:\Users\M\Desktop\Defogger.exe
[2012.11.07 17:41:33 | 000,046,461 | ---- | M] () -- C:\Users\M\AppData\Local\qdgqgrca
[2012.10.24 19:58:59 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\The Darkness II.lnk
[2012.10.22 18:46:11 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.22 18:46:08 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.22 18:46:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.22 18:46:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.22 18:46:07 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.22 18:46:07 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.21 20:41:48 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\M\Desktop\mbam-setup.exe
[2012.10.21 17:27:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M\Desktop\OTL.exe
[2012.10.21 16:40:54 | 000,883,840 | ---- | M] () -- C:\Users\M\Desktop\Avira-DE-Cleaner.exe
[2012.10.21 16:30:37 | 000,412,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.21 16:19:50 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.10.21 16:19:50 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.10.18 18:55:51 | 000,076,347 | ---- | M] () -- C:\ProgramData\tdocfaumpmggoyq
========== Files Created - No Company Name ==========
[2012.11.16 23:36:57 | 000,541,569 | ---- | C] () -- C:\Users\M\Desktop\adwcleaner.exe
[2012.11.16 20:29:22 | 000,000,512 | ---- | C] () -- C:\Users\M\Desktop\MBR.dat
[2012.11.10 20:12:20 | 000,270,485 | ---- | C] () -- C:\Users\M\Desktop\Image3.jpg
[2012.11.10 20:04:13 | 000,597,473 | ---- | C] () -- C:\Users\M\Desktop\OTL.rar
[2012.11.07 20:58:06 | 000,302,592 | ---- | C] () -- C:\Users\M\Desktop\lf61ovol.exe
[2012.11.07 20:37:03 | 000,000,156 | ---- | C] () -- C:\Users\M\defogger_reenable
[2012.11.07 20:36:14 | 000,050,477 | ---- | C] () -- C:\Users\M\Desktop\Defogger.exe
[2012.11.07 17:41:33 | 000,046,461 | ---- | C] () -- C:\Users\M\AppData\Local\qdgqgrca
[2012.10.24 19:58:59 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\The Darkness II.lnk
[2012.10.21 20:43:57 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.21 16:40:51 | 000,883,840 | ---- | C] () -- C:\Users\M\Desktop\Avira-DE-Cleaner.exe
[2012.10.18 18:55:48 | 000,076,347 | ---- | C] () -- C:\ProgramData\tdocfaumpmggoyq
[2012.06.29 14:43:43 | 000,007,608 | ---- | C] () -- C:\Users\M\AppData\Local\Resmon.ResmonCfg
[2012.04.02 21:58:55 | 000,009,216 | ---- | C] () -- C:\Users\M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.07 18:01:28 | 000,000,662 | ---- | C] () -- C:\Windows\wiso.ini
[2012.01.21 15:48:02 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\DE2D5743D6.sys
[2012.01.21 15:26:57 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.21 13:28:47 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.20 19:40:08 | 000,195,854 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.01.18 23:50:50 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2012.01.18 23:50:50 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.01.18 23:50:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012.01.18 23:50:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012.01.18 23:50:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012.01.18 23:50:50 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.01.18 22:26:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.21 01:46:14 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:46:14 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
--- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 16.11.2012 23:47:35 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,47 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 51,89% Memory free
4,93 Gb Paging File | 3,42 Gb Available in Paging File | 69,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 11,53 Gb Free Space | 8,01% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 8,54 Gb Free Space | 6,08% Space Free | Partition Type: NTFS
Computer Name: M-A | User Name: M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D81E0-7E04-4296-8126-0FF58DE6B149}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{053DC611-312D-4EEC-8545-5841FABAE71B}" = lport=445 | protocol=6 | dir=in | app=system |
"{14CE9331-F1AF-4B64-8AAF-B12BAC66444D}" = rport=445 | protocol=6 | dir=out | app=system |
"{18A64702-A665-49E9-883E-A0641ECE5586}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{194699BE-1F28-425D-B714-E3F157BAD8AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24AB282C-62CD-4F64-9707-F5CC4CBC58BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31905B2E-50B3-4F52-B056-B96F03DD5E8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{450E361E-D164-49C0-BDF7-961E92E54EFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{45D03628-12D4-4F68-A997-D242F0014760}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D76CFCA-1982-4E29-889B-FCB6468A5A2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{6B5B9503-2C42-41A2-926B-A83EB07AE00D}" = rport=138 | protocol=17 | dir=out | app=system |
"{7218861D-EDDE-4AD9-B2B0-BF70EFB0382A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{725CD7D0-CB2F-4C62-A23E-4CEE6BB198DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{805F9CD7-32E5-4CA1-8B27-69C1B93976A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B1BB8E6-5027-4E90-A9FB-E2C3E6EAF9C2}" = lport=139 | protocol=6 | dir=in | app=system |
"{9DAB7B09-B004-4902-851F-D84D86FD11D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A37C6505-F10B-4532-8207-8E9F62F65BDF}" = lport=137 | protocol=17 | dir=in | app=system |
"{B77ADE15-1C2E-4BF8-A392-E78C5E053E33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0D3D180-B3B5-4BF3-8413-CB20B898D06B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DC7EE35C-EC12-4180-8991-294F67AB1233}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DE5EC512-B6EE-4D96-AAC4-5B59B7D45164}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E560BAAF-C95E-4C9B-9293-F3FE18ACD161}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F0A38E3C-B8BE-448A-B34C-DCD2F0C9947E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8423DFF-79DA-47EF-9D02-36D35A45B8CD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069E7DDE-74A7-4A31-AF76-4348B75D5F24}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{08B3AC8E-9B39-4078-9D6C-42C8DC32F1B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{167F5CF0-DCC9-47DC-AE7A-77CDC0AF9AF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DBA470E-48B0-43CD-9CE5-62E35475A0FC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2967AB91-7372-43C6-8047-9A20F662E37C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{31F23D34-A532-4B0C-AA06-54BB47C78084}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{32759961-0E7A-4ADA-B22A-977CD36AAB09}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{3662D225-3C6E-4527-B565-0A1EE87ACA77}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{3665FFF5-09EC-4A9A-94F8-5D1D86FFAA12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{407B39DA-20A4-4DC7-8097-3CA2F8E74D6B}" = protocol=17 | dir=in | app=c:\users\m\appdata\local\apps\2.0\59a6cla7.5dd\mltyhmrm.xac\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{4CACEE89-7AB9-4812-97B5-11808EEFE09E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F1D2BBA-EC23-4A4B-846A-82F77CA0E1D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59AD1F18-1369-48B7-A0FE-195F1FD2531F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{654926CA-121B-4305-AF02-61CA7DCAE2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6699C8FC-44CC-4130-BF92-46E95DF90197}" = protocol=6 | dir=out | app=system |
"{6AC7411E-392D-4C2A-BDDB-7A916D470A5B}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax standard\maxtax.exe |
"{6AD638C0-75FB-47C3-895B-3E64E1A66D75}" = protocol=6 | dir=in | app=c:\users\m\appdata\local\apps\2.0\59a6cla7.5dd\mltyhmrm.xac\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{6C29BF37-F8C5-4A0C-A075-443DCCF073BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{71FCA845-61B5-4663-8A2B-B534C7F520E3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7C66E8FB-D659-45EE-9814-5BC0C02209D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{906653DA-68E1-49EA-8FC4-04C7857DC1EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A00B5228-663A-483F-84D8-7E9711A99158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7257D46-2111-425C-A57B-4581172F93C3}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{A7C1D3FF-3614-4BF1-B149-04DF1A37704B}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{AC118144-1534-4DE0-AC31-80F202E5116D}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax standard\stmaxtax.exe |
"{B406C6B3-323A-4F01-A377-C398C0802563}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax standard\maxtax.exe |
"{B45EA6F6-C60E-4F9B-9BB8-B30F71E22EA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4558C2B-2878-4987-A621-38369CE10969}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E13A1141-F912-444F-AAA0-7AF2D93F26A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E298755D-479D-457F-9CF7-B185C42D339B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E7F9316D-4AB1-4F45-A103-0F46BDD736B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EDEB1FD0-F870-4BD8-BF3D-19F9A6258CAD}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax standard\stmaxtax.exe |
"{F1EF9919-C4BB-4BE1-9818-6B102B401534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4FE0BEB-E58D-4365-8392-C960C7AEA490}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{CE28A63C-5873-4139-864A-23CF15D84140}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"TCP Query User{F30F959B-0C7B-4DC9-8D90-9BE87EC7CC13}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{97FEB2C2-80D7-42F4-87F8-9E8EC5D5C52F}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{BA4BDB7E-68B7-4715-A259-8822A7A929B6}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian
"{2997ABF5-E5F6-4E9C-9717-26F208D9ED5E}" = PC Connectivity Solution Lite
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common
"{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek
"{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3914C1-4D22-92B1-D391-BF2CF160A391}" = ccc-utility
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66268C28-7687-4B59-93EA-FD3F7BA13CD2}" = Warhammer 40,000™ Dawn of War - Complete Collection (Hi-Res)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A35E7ACE-0D23-049B-FE8D-117BEF783503}" = AMD Fuel
"{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian
"{DC07522A-FA33-C098-E885-2FFA362097FC}" = AMD Catalyst Install Manager
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.4
"{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MAXTAXDel" = eurowin maxtax
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"ratDVD" = ratDVD 0.78.1444
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"SPlayer" = SPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Darkness II_is1" = The Darkness II
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2012 19:39:35 | Computer Name = M-A | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 14.11.2012 19:40:55 | Computer Name = M-A | Source = WinMgmt | ID = 10
Description =
Error - 14.11.2012 19:41:46 | Computer Name = M-A | Source = VSS | ID = 8194
Description =
Error - 16.11.2012 14:23:17 | Computer Name = M-A | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 16.11.2012 14:25:23 | Computer Name = M-A | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3132 (0xc3c) Thread address : 0x770A7094 Thread message : Build VSCORE.15.1.0.461
/ 5500.1093 Object being scanned = \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 16.11.2012 14:25:23 | Computer Name = M-A | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3148 (0xc4c) Thread address : 0x770A7094 Thread message : Build VSCORE.15.1.0.461
/ 5500.1093 Object being scanned = \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 16.11.2012 14:25:27 | Computer Name = M-A | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 14:29:36 | Computer Name = M-A | Source = VSS | ID = 8194
Description =
Error - 16.11.2012 18:42:23 | Computer Name = M-A | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 16.11.2012 18:43:41 | Computer Name = M-A | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 18:45:18 | Computer Name = M-A | Source = VSS | ID = 8194
Description =
[ OSession Events ]
Error - 08.08.2012 15:46:10 | Computer Name = M-A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 113
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 16.11.2012 14:22:02 | Computer Name = M-A | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst McNASvc erreicht.
Error - 16.11.2012 14:24:11 | Computer Name = M-A | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst eventlog erreicht.
Error - 16.11.2012 14:25:09 | Computer Name = M-A | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Server" wurde nicht richtig gestartet.
Error - 16.11.2012 14:25:11 | Computer Name = M-A | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst eventlog erreicht.
Error - 16.11.2012 14:25:38 | Computer Name = M-A | Source = Service Control Manager | ID = 7022
Description = Der Dienst "McAfee Firewall Core Service" wurde nicht richtig gestartet.
Error - 16.11.2012 14:27:22 | Computer Name = M-A | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Personal Firewall Service" ist vom Dienst "McAfee
Firewall Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1070
Error - 16.11.2012 14:27:22 | Computer Name = M-A | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Proxy Service" ist vom Dienst "McAfee Firewall
Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070
Error - 16.11.2012 14:27:22 | Computer Name = M-A | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Anti-Spam Service" ist vom Dienst "McAfee Firewall
Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070
Error - 16.11.2012 14:27:25 | Computer Name = M-A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 16.11.2012 14:30:15 | Computer Name = M-A | Source = DCOM | ID = 10010
Description =
< End of report >
--- --- --- |
