| |
| |||||||
Log-Analyse und Auswertung: Nerviger Skriptfehler von startsear.chWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.11.2011, 11:08
| #1 |
 |  Nerviger Skriptfehler von startsear.ch Hallo! ich habe einen nervigen Skriptfehler jedes mal wenn sich Explorer öffnet. Die URL: hxxp://startsear.ch/tb/vshare/js/helper.js. Ich habe hier herausgelsen, dass es um "hijack" handelt und habe das Malwarebytes installiert und durchlaufen lassen, darauf wurde ein Schädling gefunden und ich habe "das ausgewählte" entfernt und ein Bericht gespeichert. Danach System neugestartet und der Fehler springt trotzdem immer wieder raus. Ich bitte um Hilfe!!! Was soll ich tun? Danke schön im Voraus. Datenbank Version: 8170 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 16.11.2011 10:47:45 mbam-log-2011-11-16 (10-47-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 300233 Laufzeit: 1 Stunde(n), 54 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\abbyy finereader 9.0\Loader.exe (PUP.Hacktool.Patcher) -> Not selected for removal. d:\Install\finereader 9.0.0.1042 ce\Loader.exe (PUP.Hacktool.Patcher) -> Not selected for removal. |
|
16.11.2011, 13:08
| #2 |
| /// Malware-holic   | Nerviger Skriptfehler von startsear.ch hi
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ |
|
16.11.2011, 14:45
| #3 |
| | Nerviger Skriptfehler von startsear.ch Danke für die schnelle Antwort, ich habe alles getan, wie es empfohlen wurde. Hier sind die Log Dateien:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 16.11.2011 14:27:29 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Irina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,87% Memory free 4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 1,58 Gb Free Space | 2,26% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 41,09 Gb Free Space | 62,00% Space Free | Partition Type: NTFS Computer Name: IRINA-PC | User Name: Irina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Irina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Programme\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe (Microsoft Corp.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll () MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe () ========== Win32 Services (SafeList) ========== SRV - (RoxLiveShare9) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "iMesh Web Search" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}:2.2.0.34 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.05.23 17:44:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.05.23 17:44:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2011.07.28 11:27:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.11.10 13:49:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.16 09:42:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.02 19:34:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.08.12 15:39:29 | 000,000,000 | ---D | M] [2011.07.17 07:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irina\AppData\Roaming\mozilla\Extensions [2011.07.17 07:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irina\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.08.14 13:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\uxnp83zv.default\extensions [2011.09.13 00:05:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\uxnp83zv.default\extensions\toolbar@ask.com [2010.04.18 13:32:49 | 000,002,253 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\uxnp83zv.default\searchplugins\askcom.xml [2011.01.14 19:38:53 | 000,000,931 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\uxnp83zv.default\searchplugins\conduit.xml [2010.09.02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\uxnp83zv.default\searchplugins\iMeshWebSearch.xml [2011.08.02 19:07:03 | 000,001,533 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\uxnp83zv.default\searchplugins\mailru---.xml [2010.05.14 07:40:28 | 000,001,455 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\uxnp83zv.default\searchplugins\mailru.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\uxnp83zv.default\searchplugins\startsear.xml [2011.10.23 12:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.15 09:27:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.04 10:20:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.07 21:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.17 10:35:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.22 09:30:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.23 12:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.10 13:49:00 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2011.10.16 09:42:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011.10.16 09:42:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.16 09:42:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.16 09:42:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml [2011.10.16 09:42:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.05.14 07:40:28 | 000,001,455 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mailru.xml [2011.10.16 09:42:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.16 09:42:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - Reg Error: Value error. File not found O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (SopCore Control) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{079701D7-620B-4032-BED5-47EFE345557B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{94e22d13-2054-11df-aa2f-001b2492bc45}\Shell\AutoRun\command - "" = PRVA\\\\\\\\\\STRANA.exe O33 - MountPoints2\{94e22d13-2054-11df-aa2f-001b2492bc45}\Shell\explore\command - "" = PRVA\\\\\\\\\\\\STRANA.exe O33 - MountPoints2\{94e22d13-2054-11df-aa2f-001b2492bc45}\Shell\open\command - "" = PRVA\\\\\\\\\\\\STRANA.exe O33 - MountPoints2\{b15157a1-4896-11df-ba74-001b2492bc45}\Shell\AutoRun\command - "" = G:\IVANA/danilovic.exe O33 - MountPoints2\{b15157a1-4896-11df-ba74-001b2492bc45}\Shell\open\command - "" = G:\IVANA/danilovic.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.16 14:26:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Irina\Desktop\OTL.exe [2011.11.15 22:37:33 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Malwarebytes [2011.11.15 22:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.15 22:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.15 22:37:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.15 22:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.15 09:48:11 | 000,000,000 | ---D | C] -- C:\Users\Irina\Desktop\CVK [2011.11.14 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\Irina\Desktop\übung zu IW [2011.11.12 22:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2011.11.12 18:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar [2011.11.12 14:40:07 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Local\assembly [2011.11.12 13:30:16 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair [2011.11.12 13:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair [2011.11.12 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair [2011.11.10 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\Irina\Documents\Exmaralda [2011.11.10 20:04:30 | 000,000,000 | ---D | C] -- C:\Users\Irina\Documents\MMI [2011.11.10 19:57:42 | 000,000,000 | ---D | C] -- C:\Users\Irina\Desktop\Methoden der IW [2011.11.10 16:15:18 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Swiss Academic Software [2011.11.10 16:15:18 | 000,000,000 | ---D | C] -- C:\Users\Irina\Documents\Citavi 3 [2011.11.10 13:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3 [2011.11.10 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3 [2011.11.10 13:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software [2011.11.10 13:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client [2011.11.10 13:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks [2011.11.09 17:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LECTURNITY Player [2011.11.09 17:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\LECTURNITY Player [2011.11.09 13:10:56 | 000,000,000 | ---D | C] -- C:\Users\Irina\Documents\Porila [2011.11.08 10:38:35 | 000,000,000 | ---D | C] -- C:\Users\Irina\Documents\Methoden der IW [2011.11.02 19:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.11.01 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2011.11.01 21:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2011.11.01 21:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast [2011.11.01 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Irina\Desktop\Volker Rosin [2011.11.01 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Amazon [2011.11.01 19:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011.11.01 19:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon [2011.10.29 08:59:46 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Local\NewSoft [2011.10.29 08:59:46 | 000,000,000 | ---D | C] -- C:\Users\Irina\Documents\My PageManager [2011.10.23 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.10.23 12:09:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.10.23 12:09:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.10.23 12:09:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.10.18 17:12:57 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Avira [2011.10.18 17:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.18 17:11:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.10.18 17:11:47 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.18 17:11:47 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.10.18 17:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.18 17:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.03.02 20:49:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Irina\AppData\Roaming\pcouffin.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Irina\Desktop\*.tmp files -> C:\Users\Irina\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.16 14:25:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\OTL.exe [2011.11.16 14:10:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.16 12:50:32 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.16 12:50:32 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.16 10:50:41 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.16 10:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.16 10:49:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.11.15 22:37:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.15 22:03:21 | 000,052,678 | ---- | M] () -- C:\Users\Irina\Desktop\LogoTheaterIGS_72dpi.jpg [2011.11.14 20:39:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.14 20:39:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.14 20:39:20 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.14 20:39:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.13 10:03:36 | 000,085,504 | ---- | M] () -- C:\Users\Irina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.12 13:30:16 | 000,000,840 | ---- | M] () -- C:\Users\Irina\Desktop\Free Window Registry Repair.lnk [2011.11.12 13:29:59 | 000,799,120 | ---- | M] () -- C:\Users\Irina\Desktop\RegpairSetup_2.5.exe [2011.11.10 13:49:10 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk [2011.11.10 13:21:08 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2011.11.10 13:18:34 | 000,001,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2011.11.10 13:12:27 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF [2011.11.09 22:24:57 | 000,375,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.11.09 17:53:26 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\LECTURNITY Player.lnk [2011.11.07 14:59:41 | 000,004,515 | ---- | M] () -- C:\Users\Irina\Documents\Begrüßung_ElsterOnline1.html [2011.11.02 19:34:13 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.11.01 21:07:47 | 000,000,573 | ---- | M] () -- C:\Users\Irina\Desktop\SopCast.lnk [2011.10.31 12:44:30 | 000,003,636 | ---- | M] () -- C:\Users\Irina\Documents\Begrüßung_ElsterOnline1.pdf [2011.10.28 16:01:37 | 000,479,373 | ---- | M] () -- C:\Users\Irina\Documents\Sdroulia_Projektarbeit.pdf [2011.10.27 11:17:19 | 000,010,391 | ---- | M] () -- C:\Users\Irina\andreas_elster_2048.pfx [2011.10.25 09:55:35 | 000,156,175 | ---- | M] () -- C:\Users\Irina\Documents\CAVA_technical_data.pdf [2011.10.18 17:12:20 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Irina\Desktop\*.tmp files -> C:\Users\Irina\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.15 22:37:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.15 22:05:52 | 000,052,678 | ---- | C] () -- C:\Users\Irina\Desktop\LogoTheaterIGS_72dpi.jpg [2011.11.12 13:30:16 | 000,000,840 | ---- | C] () -- C:\Users\Irina\Desktop\Free Window Registry Repair.lnk [2011.11.12 13:29:51 | 000,799,120 | ---- | C] () -- C:\Users\Irina\Desktop\RegpairSetup_2.5.exe [2011.11.10 13:49:10 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk [2011.11.10 13:18:34 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2011.11.09 17:53:26 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\LECTURNITY Player.lnk [2011.11.02 19:34:13 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.11.02 19:34:13 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.11.01 21:07:47 | 000,000,573 | ---- | C] () -- C:\Users\Irina\Desktop\SopCast.lnk [2011.11.01 19:28:51 | 000,479,373 | ---- | C] () -- C:\Users\Irina\Documents\Sdroulia_Projektarbeit.pdf [2011.10.31 12:44:30 | 000,003,636 | ---- | C] () -- C:\Users\Irina\Documents\Begrüßung_ElsterOnline1.pdf [2011.10.31 12:41:56 | 000,004,515 | ---- | C] () -- C:\Users\Irina\Documents\Begrüßung_ElsterOnline1.html [2011.10.27 11:17:04 | 000,010,391 | ---- | C] () -- C:\Users\Irina\andreas_elster_2048.pfx [2011.10.25 09:55:35 | 000,156,175 | ---- | C] () -- C:\Users\Irina\Documents\CAVA_technical_data.pdf [2011.10.18 17:12:20 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.08.12 15:40:57 | 000,000,183 | ---- | C] () -- C:\Users\Irina\AppData\Roaming\burnaware.ini [2011.07.28 09:14:48 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011.05.09 19:05:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL [2011.05.09 19:03:27 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2011.05.09 19:00:08 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2011.04.02 20:18:32 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NlsLexidons004c.dll [2010.07.27 08:18:28 | 000,017,408 | ---- | C] () -- C:\Users\Irina\AppData\Local\WebpageIcons.db [2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2010.03.07 17:00:48 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.03.04 11:42:40 | 000,000,036 | ---- | C] () -- C:\Windows\System32\swk.ini [2010.03.02 20:49:36 | 000,087,608 | ---- | C] () -- C:\Users\Irina\AppData\Roaming\inst.exe [2010.03.02 20:49:36 | 000,007,887 | ---- | C] () -- C:\Users\Irina\AppData\Roaming\pcouffin.cat [2010.03.02 20:49:36 | 000,001,144 | ---- | C] () -- C:\Users\Irina\AppData\Roaming\pcouffin.inf [2010.02.28 14:24:16 | 000,000,125 | ---- | C] () -- C:\Users\Irina\AppData\Roaming\Broad Intelligenceprefs.xml [2010.01.06 10:58:42 | 000,085,504 | ---- | C] () -- C:\Users\Irina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.30 20:23:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.12.30 19:09:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.30 19:09:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.28 18:26:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.20 19:27:51 | 000,000,680 | ---- | C] () -- C:\Users\Irina\AppData\Local\d3d9caps.dat [2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.02.11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin [2008.02.11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin [2008.02.11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin [2006.12.09 03:54:38 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugg1l3.dll [2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,375,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll < End of report > und:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2011 14:27:29 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Irina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,87% Memory free
4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 1,58 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 41,09 Gb Free Space | 62,00% Space Free | Partition Type: NTFS
Computer Name: IRINA-PC | User Name: Irina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13953A27-D9AA-4289-A6D0-FD01ED5AFC2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{140D9B80-428F-4E32-8E7C-70465EE4211F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14C28DFC-FF9C-4DAA-AC2E-771E8D606F37}" = rport=138 | protocol=17 | dir=out | app=system |
"{211E2D62-AF81-4F08-8E78-D241C4C85CA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2BE9B06D-9B81-4EAA-8FD9-7F050DF986C2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{35EE4EF1-DCD4-455C-844B-0BDEF1D5283C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3F99D39A-16AE-4700-B98F-23C59F539AE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43E892DB-F46E-4EF3-A882-47043D51D429}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B88F861-0C9E-4F7D-AFA3-E99C1D872EB6}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DB92B8D-EA8D-4522-AC17-4CB35FD918BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{64B751A4-18BB-4D15-99C3-05C308D265B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6AA93368-7294-419A-A487-14241B353434}" = rport=137 | protocol=17 | dir=out | app=system |
"{735D824F-24E9-42AA-B3AE-40E182964AB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74FAE909-424C-4205-B4BD-A6C4BE65BD62}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{81E45AC2-2754-4598-81D6-C38C585FBC0F}" = lport=138 | protocol=17 | dir=in | app=system |
"{891B5BC4-3F97-430A-B2C6-A23A657ACB1B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{921E6ECD-0F72-4080-AFD5-A6380E7D8842}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0E6B443-966C-45A6-BE92-2F5852A0889C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA9B606A-8873-4948-8F0E-4F94743939A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B4AC2D44-D871-4157-BB51-E8082428F5DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{BEAF56E4-0705-4863-860C-3F1F407CF2A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD5BE12B-43DA-464B-8E46-BAA3743CD68D}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D6F8ABDE-3065-46C3-B10D-1B97E4CF9BBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2CED97A-85FC-4759-A89A-0FF48A54C462}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F3550311-E82A-45AC-8E6E-1B7EDE4806A6}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA7578C6-932F-4BC3-B282-58596C64F1E8}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001AE7AE-F1B3-45DE-B20D-4EBCE7D5C958}" = protocol=6 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikflashplayer.exe |
"{10C2CC02-2DC6-478F-85AB-F2CE052FC076}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12AE831A-C8AF-4CA5-B8E1-401C34E7186A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E5AB6D3-475D-4A31-8513-44FD1ECC159A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FA41C22-2DEE-4C55-AAD1-CD77EFB21779}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EBE09F0-7743-42E9-A050-7A1B1A11A71F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{349DB27C-AE7E-4CD0-AC0F-D5D6BC282A45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D54F301-ACAC-4F87-B5E6-F5A470BD941C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3F482A68-88DF-4CD4-AB7C-72E30C3B8195}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{45A57921-5848-48C0-89E4-67D2AEF1F97F}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{51112FB1-C7B9-498D-AC60-2C1E727B4A30}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{533563E7-6E31-4DDE-8F1A-CA600366634E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FBEA376-E012-4011-8E40-1B74D8B7F367}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{62DD2DC3-E352-4D7B-990A-5A111DB0E91F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6BFE4690-466D-4CF5-9232-FBE29266AF21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E9E67E0-26DE-4CED-ABF4-0A193C4C90A1}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{74748D59-B9C6-4FCA-AA56-A01907C9716E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{823819D3-CAFF-4E37-B93B-460AC6163661}" = protocol=6 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikhelper.exe |
"{85AEC422-1EDD-44AA-8690-F3AEA552B1B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{90D0CF77-993E-43C6-9E44-552337FEFF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{968050EC-1EA7-4881-B682-4CE241B9B3C3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B5B19022-3D01-474D-A8BE-A4696447B51E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{C10A0C0F-5510-4BE6-A5CA-BA11E74F3E75}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C18B98BD-977D-4B92-B09B-E39F662E74F2}" = protocol=6 | dir=out | app=system |
"{C44954AD-0F77-448F-AFA0-0FA1B380AC29}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C58A5491-75E7-484C-8B60-B1CD7D44DBCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D02DBF74-3D77-4989-93C9-B77D19AD9CB9}" = protocol=17 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikflashplayer.exe |
"{D79425C1-C1B4-4F36-BB4B-2F92361CB430}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E355DFF6-AE79-43B1-B435-12FB6D53515D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8F91A5E-AFBD-40A4-9BF2-8C4629E0EB47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED871594-4381-4459-A475-1D1F94438F18}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{EEA18675-A66B-4537-A0C3-C586D41634A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EEA96118-55CC-46AE-8857-569809F60BE1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD325364-4B32-436A-B30E-129BCA573B0F}" = protocol=17 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikhelper.exe |
"{FF454531-7D9C-4B2D-AA07-6ECF88F2EB26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0E39AE8F-CD70-4D34-AE46-7E4A6149D5A5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{108D123D-EFF7-4E3F-9800-202C7D6F46AE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{134D4C1F-B10F-4666-BEC2-0750F4794840}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3F89A814-3A3C-4B72-81F9-9FA6157560A1}D:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse\eclipse.exe |
"TCP Query User{4A465270-CAF9-4148-8515-9295A2604D8A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{D245529A-4C2F-46FD-98A9-D9B52F70A492}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D9785350-FDA6-4A54-9DC7-98D853E9C221}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DBFE9494-7FFA-4918-83CC-C15BF355263D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E20ABCC5-7CA4-4A5F-A202-0779CEDB176B}D:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse\eclipse.exe |
"TCP Query User{EF0F9A08-F547-4037-9D71-B86526C975A5}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{EF3FD6DC-6968-4FFA-8D8D-E256075CA697}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe |
"UDP Query User{17DEA848-0EB7-4605-ABC5-6168C7B4D191}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{38CC4BCE-5468-4C8D-883B-DD54C914C9B5}D:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse\eclipse.exe |
"UDP Query User{4D325461-5443-421B-A4B2-F904FC72AC28}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4EF58BF8-F1FB-495D-97C1-12CD6FB0A26C}D:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse\eclipse.exe |
"UDP Query User{705E69A6-0247-4B80-BF2C-7BDB27462694}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ACC78103-0657-48F7-BD87-56DB62AC61EF}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe |
"UDP Query User{B0A231F0-E8D4-4AB9-847E-A5A8F527A879}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B7A87DFE-2A3D-45F6-8A27-71EFB434EA90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{BD527607-DF8D-4664-A731-51681CBADE0E}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{C231D9EA-6CE1-4849-9C74-81DB6B9C1768}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F049D264-6DE5-4AE6-94CB-521DEDC11A70}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8624888C-A959-45A5-98F4-292E956325EA}" = LECTURNITY Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"conduitEngine" = Conduit Engine
"DVDFab 8_is1" = DVDFab 8.0.6.7 (02/01/2011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EXMARaLDA_is1" = EXMARaLDA 1.7
"Free Window Registry Repair" = Free Window Registry Repair
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"SopCast" = SopCast 2.0.4
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1005
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1018
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 15.11.2011 03:45:28 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x74c, Anwendungsstartzeit
01cca36a890b16d3.
Error - 15.11.2011 12:10:03 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul comctl32.dll, Version 6.10.6002.18305, Zeitstempel
0x4c7d2463, Ausnahmecode 0xc0000409, Fehleroffset 0x00024965, Prozess-ID 0x9ac,
Anwendungsstartzeit 01cca39f40cc15a4.
Error - 15.11.2011 15:08:23 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_Dnscache, Version 6.0.6001.18000,
Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel
0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x0003de2d, Prozess-ID 0x5dc,
Anwendungsstartzeit 01cca393fc7e5eda.
Error - 15.11.2011 18:45:00 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul comctl32.dll, Version 6.10.6002.18305, Zeitstempel
0x4c7d2463, Ausnahmecode 0xc0000409, Fehleroffset 0x00024965, Prozess-ID 0x374,
Anwendungsstartzeit 01cca39531f80c54.
[ System Events ]
Error - 15.11.2011 08:40:09 | Computer Name = Irina-PC | Source = DCOM | ID = 10010
Description =
Error - 15.11.2011 08:43:43 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 20:38:49 | Computer Name = Irina-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 16.11.2011 05:52:08 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
16.11.2011, 14:54
| #4 |
| | Nerviger Skriptfehler von startsear.ch Danke für die schnelle Antwort. Hier sind die Logfeiles.OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2011 14:27:29 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Irina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,87% Memory free
4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 1,58 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 41,09 Gb Free Space | 62,00% Space Free | Partition Type: NTFS
Computer Name: IRINA-PC | User Name: Irina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13953A27-D9AA-4289-A6D0-FD01ED5AFC2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{140D9B80-428F-4E32-8E7C-70465EE4211F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14C28DFC-FF9C-4DAA-AC2E-771E8D606F37}" = rport=138 | protocol=17 | dir=out | app=system |
"{211E2D62-AF81-4F08-8E78-D241C4C85CA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2BE9B06D-9B81-4EAA-8FD9-7F050DF986C2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{35EE4EF1-DCD4-455C-844B-0BDEF1D5283C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3F99D39A-16AE-4700-B98F-23C59F539AE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43E892DB-F46E-4EF3-A882-47043D51D429}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B88F861-0C9E-4F7D-AFA3-E99C1D872EB6}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DB92B8D-EA8D-4522-AC17-4CB35FD918BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{64B751A4-18BB-4D15-99C3-05C308D265B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6AA93368-7294-419A-A487-14241B353434}" = rport=137 | protocol=17 | dir=out | app=system |
"{735D824F-24E9-42AA-B3AE-40E182964AB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74FAE909-424C-4205-B4BD-A6C4BE65BD62}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{81E45AC2-2754-4598-81D6-C38C585FBC0F}" = lport=138 | protocol=17 | dir=in | app=system |
"{891B5BC4-3F97-430A-B2C6-A23A657ACB1B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{921E6ECD-0F72-4080-AFD5-A6380E7D8842}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0E6B443-966C-45A6-BE92-2F5852A0889C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA9B606A-8873-4948-8F0E-4F94743939A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B4AC2D44-D871-4157-BB51-E8082428F5DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{BEAF56E4-0705-4863-860C-3F1F407CF2A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD5BE12B-43DA-464B-8E46-BAA3743CD68D}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D6F8ABDE-3065-46C3-B10D-1B97E4CF9BBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2CED97A-85FC-4759-A89A-0FF48A54C462}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F3550311-E82A-45AC-8E6E-1B7EDE4806A6}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA7578C6-932F-4BC3-B282-58596C64F1E8}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001AE7AE-F1B3-45DE-B20D-4EBCE7D5C958}" = protocol=6 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikflashplayer.exe |
"{10C2CC02-2DC6-478F-85AB-F2CE052FC076}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12AE831A-C8AF-4CA5-B8E1-401C34E7186A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E5AB6D3-475D-4A31-8513-44FD1ECC159A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FA41C22-2DEE-4C55-AAD1-CD77EFB21779}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EBE09F0-7743-42E9-A050-7A1B1A11A71F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{349DB27C-AE7E-4CD0-AC0F-D5D6BC282A45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D54F301-ACAC-4F87-B5E6-F5A470BD941C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3F482A68-88DF-4CD4-AB7C-72E30C3B8195}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{45A57921-5848-48C0-89E4-67D2AEF1F97F}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{51112FB1-C7B9-498D-AC60-2C1E727B4A30}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{533563E7-6E31-4DDE-8F1A-CA600366634E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FBEA376-E012-4011-8E40-1B74D8B7F367}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{62DD2DC3-E352-4D7B-990A-5A111DB0E91F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6BFE4690-466D-4CF5-9232-FBE29266AF21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E9E67E0-26DE-4CED-ABF4-0A193C4C90A1}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{74748D59-B9C6-4FCA-AA56-A01907C9716E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{823819D3-CAFF-4E37-B93B-460AC6163661}" = protocol=6 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikhelper.exe |
"{85AEC422-1EDD-44AA-8690-F3AEA552B1B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{90D0CF77-993E-43C6-9E44-552337FEFF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{968050EC-1EA7-4881-B682-4CE241B9B3C3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B5B19022-3D01-474D-A8BE-A4696447B51E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{C10A0C0F-5510-4BE6-A5CA-BA11E74F3E75}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C18B98BD-977D-4B92-B09B-E39F662E74F2}" = protocol=6 | dir=out | app=system |
"{C44954AD-0F77-448F-AFA0-0FA1B380AC29}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C58A5491-75E7-484C-8B60-B1CD7D44DBCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D02DBF74-3D77-4989-93C9-B77D19AD9CB9}" = protocol=17 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikflashplayer.exe |
"{D79425C1-C1B4-4F36-BB4B-2F92361CB430}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E355DFF6-AE79-43B1-B435-12FB6D53515D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8F91A5E-AFBD-40A4-9BF2-8C4629E0EB47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED871594-4381-4459-A475-1D1F94438F18}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{EEA18675-A66B-4537-A0C3-C586D41634A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EEA96118-55CC-46AE-8857-569809F60BE1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD325364-4B32-436A-B30E-129BCA573B0F}" = protocol=17 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikhelper.exe |
"{FF454531-7D9C-4B2D-AA07-6ECF88F2EB26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0E39AE8F-CD70-4D34-AE46-7E4A6149D5A5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{108D123D-EFF7-4E3F-9800-202C7D6F46AE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{134D4C1F-B10F-4666-BEC2-0750F4794840}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3F89A814-3A3C-4B72-81F9-9FA6157560A1}D:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse\eclipse.exe |
"TCP Query User{4A465270-CAF9-4148-8515-9295A2604D8A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{D245529A-4C2F-46FD-98A9-D9B52F70A492}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D9785350-FDA6-4A54-9DC7-98D853E9C221}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DBFE9494-7FFA-4918-83CC-C15BF355263D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E20ABCC5-7CA4-4A5F-A202-0779CEDB176B}D:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse\eclipse.exe |
"TCP Query User{EF0F9A08-F547-4037-9D71-B86526C975A5}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{EF3FD6DC-6968-4FFA-8D8D-E256075CA697}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe |
"UDP Query User{17DEA848-0EB7-4605-ABC5-6168C7B4D191}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{38CC4BCE-5468-4C8D-883B-DD54C914C9B5}D:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse\eclipse.exe |
"UDP Query User{4D325461-5443-421B-A4B2-F904FC72AC28}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4EF58BF8-F1FB-495D-97C1-12CD6FB0A26C}D:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse\eclipse.exe |
"UDP Query User{705E69A6-0247-4B80-BF2C-7BDB27462694}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ACC78103-0657-48F7-BD87-56DB62AC61EF}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe |
"UDP Query User{B0A231F0-E8D4-4AB9-847E-A5A8F527A879}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B7A87DFE-2A3D-45F6-8A27-71EFB434EA90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{BD527607-DF8D-4664-A731-51681CBADE0E}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{C231D9EA-6CE1-4849-9C74-81DB6B9C1768}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F049D264-6DE5-4AE6-94CB-521DEDC11A70}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8624888C-A959-45A5-98F4-292E956325EA}" = LECTURNITY Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"conduitEngine" = Conduit Engine
"DVDFab 8_is1" = DVDFab 8.0.6.7 (02/01/2011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EXMARaLDA_is1" = EXMARaLDA 1.7
"Free Window Registry Repair" = Free Window Registry Repair
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"SopCast" = SopCast 2.0.4
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1005
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1018
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 15.11.2011 03:45:28 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x74c, Anwendungsstartzeit
01cca36a890b16d3.
Error - 15.11.2011 12:10:03 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul comctl32.dll, Version 6.10.6002.18305, Zeitstempel
0x4c7d2463, Ausnahmecode 0xc0000409, Fehleroffset 0x00024965, Prozess-ID 0x9ac,
Anwendungsstartzeit 01cca39f40cc15a4.
Error - 15.11.2011 15:08:23 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_Dnscache, Version 6.0.6001.18000,
Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel
0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x0003de2d, Prozess-ID 0x5dc,
Anwendungsstartzeit 01cca393fc7e5eda.
Error - 15.11.2011 18:45:00 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul comctl32.dll, Version 6.10.6002.18305, Zeitstempel
0x4c7d2463, Ausnahmecode 0xc0000409, Fehleroffset 0x00024965, Prozess-ID 0x374,
Anwendungsstartzeit 01cca39531f80c54.
[ System Events ]
Error - 15.11.2011 08:40:09 | Computer Name = Irina-PC | Source = DCOM | ID = 10010
Description =
Error - 15.11.2011 08:43:43 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 20:38:49 | Computer Name = Irina-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 16.11.2011 05:52:08 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
und:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2011 14:27:29 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Irina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,87% Memory free
4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 1,58 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 41,09 Gb Free Space | 62,00% Space Free | Partition Type: NTFS
Computer Name: IRINA-PC | User Name: Irina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13953A27-D9AA-4289-A6D0-FD01ED5AFC2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{140D9B80-428F-4E32-8E7C-70465EE4211F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14C28DFC-FF9C-4DAA-AC2E-771E8D606F37}" = rport=138 | protocol=17 | dir=out | app=system |
"{211E2D62-AF81-4F08-8E78-D241C4C85CA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2BE9B06D-9B81-4EAA-8FD9-7F050DF986C2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{35EE4EF1-DCD4-455C-844B-0BDEF1D5283C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3F99D39A-16AE-4700-B98F-23C59F539AE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43E892DB-F46E-4EF3-A882-47043D51D429}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B88F861-0C9E-4F7D-AFA3-E99C1D872EB6}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DB92B8D-EA8D-4522-AC17-4CB35FD918BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{64B751A4-18BB-4D15-99C3-05C308D265B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6AA93368-7294-419A-A487-14241B353434}" = rport=137 | protocol=17 | dir=out | app=system |
"{735D824F-24E9-42AA-B3AE-40E182964AB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74FAE909-424C-4205-B4BD-A6C4BE65BD62}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{81E45AC2-2754-4598-81D6-C38C585FBC0F}" = lport=138 | protocol=17 | dir=in | app=system |
"{891B5BC4-3F97-430A-B2C6-A23A657ACB1B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{921E6ECD-0F72-4080-AFD5-A6380E7D8842}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0E6B443-966C-45A6-BE92-2F5852A0889C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA9B606A-8873-4948-8F0E-4F94743939A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B4AC2D44-D871-4157-BB51-E8082428F5DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{BEAF56E4-0705-4863-860C-3F1F407CF2A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD5BE12B-43DA-464B-8E46-BAA3743CD68D}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D6F8ABDE-3065-46C3-B10D-1B97E4CF9BBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2CED97A-85FC-4759-A89A-0FF48A54C462}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F3550311-E82A-45AC-8E6E-1B7EDE4806A6}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA7578C6-932F-4BC3-B282-58596C64F1E8}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001AE7AE-F1B3-45DE-B20D-4EBCE7D5C958}" = protocol=6 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikflashplayer.exe |
"{10C2CC02-2DC6-478F-85AB-F2CE052FC076}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12AE831A-C8AF-4CA5-B8E1-401C34E7186A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E5AB6D3-475D-4A31-8513-44FD1ECC159A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FA41C22-2DEE-4C55-AAD1-CD77EFB21779}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EBE09F0-7743-42E9-A050-7A1B1A11A71F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{349DB27C-AE7E-4CD0-AC0F-D5D6BC282A45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D54F301-ACAC-4F87-B5E6-F5A470BD941C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3F482A68-88DF-4CD4-AB7C-72E30C3B8195}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{45A57921-5848-48C0-89E4-67D2AEF1F97F}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{51112FB1-C7B9-498D-AC60-2C1E727B4A30}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{533563E7-6E31-4DDE-8F1A-CA600366634E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FBEA376-E012-4011-8E40-1B74D8B7F367}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{62DD2DC3-E352-4D7B-990A-5A111DB0E91F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6BFE4690-466D-4CF5-9232-FBE29266AF21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E9E67E0-26DE-4CED-ABF4-0A193C4C90A1}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{74748D59-B9C6-4FCA-AA56-A01907C9716E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{823819D3-CAFF-4E37-B93B-460AC6163661}" = protocol=6 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikhelper.exe |
"{85AEC422-1EDD-44AA-8690-F3AEA552B1B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{90D0CF77-993E-43C6-9E44-552337FEFF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{968050EC-1EA7-4881-B682-4CE241B9B3C3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B5B19022-3D01-474D-A8BE-A4696447B51E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{C10A0C0F-5510-4BE6-A5CA-BA11E74F3E75}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C18B98BD-977D-4B92-B09B-E39F662E74F2}" = protocol=6 | dir=out | app=system |
"{C44954AD-0F77-448F-AFA0-0FA1B380AC29}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C58A5491-75E7-484C-8B60-B1CD7D44DBCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D02DBF74-3D77-4989-93C9-B77D19AD9CB9}" = protocol=17 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikflashplayer.exe |
"{D79425C1-C1B4-4F36-BB4B-2F92361CB430}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E355DFF6-AE79-43B1-B435-12FB6D53515D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8F91A5E-AFBD-40A4-9BF2-8C4629E0EB47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED871594-4381-4459-A475-1D1F94438F18}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{EEA18675-A66B-4537-A0C3-C586D41634A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EEA96118-55CC-46AE-8857-569809F60BE1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD325364-4B32-436A-B30E-129BCA573B0F}" = protocol=17 | dir=in | app=c:\program files\mail.ru\sputnik\sputnikhelper.exe |
"{FF454531-7D9C-4B2D-AA07-6ECF88F2EB26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0E39AE8F-CD70-4D34-AE46-7E4A6149D5A5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{108D123D-EFF7-4E3F-9800-202C7D6F46AE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{134D4C1F-B10F-4666-BEC2-0750F4794840}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3F89A814-3A3C-4B72-81F9-9FA6157560A1}D:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse\eclipse.exe |
"TCP Query User{4A465270-CAF9-4148-8515-9295A2604D8A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{D245529A-4C2F-46FD-98A9-D9B52F70A492}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D9785350-FDA6-4A54-9DC7-98D853E9C221}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DBFE9494-7FFA-4918-83CC-C15BF355263D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E20ABCC5-7CA4-4A5F-A202-0779CEDB176B}D:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse\eclipse.exe |
"TCP Query User{EF0F9A08-F547-4037-9D71-B86526C975A5}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{EF3FD6DC-6968-4FFA-8D8D-E256075CA697}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe |
"UDP Query User{17DEA848-0EB7-4605-ABC5-6168C7B4D191}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{38CC4BCE-5468-4C8D-883B-DD54C914C9B5}D:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse\eclipse.exe |
"UDP Query User{4D325461-5443-421B-A4B2-F904FC72AC28}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4EF58BF8-F1FB-495D-97C1-12CD6FB0A26C}D:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse\eclipse.exe |
"UDP Query User{705E69A6-0247-4B80-BF2C-7BDB27462694}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ACC78103-0657-48F7-BD87-56DB62AC61EF}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe |
"UDP Query User{B0A231F0-E8D4-4AB9-847E-A5A8F527A879}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B7A87DFE-2A3D-45F6-8A27-71EFB434EA90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{BD527607-DF8D-4664-A731-51681CBADE0E}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{C231D9EA-6CE1-4849-9C74-81DB6B9C1768}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F049D264-6DE5-4AE6-94CB-521DEDC11A70}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8624888C-A959-45A5-98F4-292E956325EA}" = LECTURNITY Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"conduitEngine" = Conduit Engine
"DVDFab 8_is1" = DVDFab 8.0.6.7 (02/01/2011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EXMARaLDA_is1" = EXMARaLDA 1.7
"Free Window Registry Repair" = Free Window Registry Repair
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"SopCast" = SopCast 2.0.4
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1005
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1018
Description =
Error - 14.11.2011 16:42:13 | Computer Name = Irina-PC | Source = Perflib | ID = 1008
Description =
Error - 15.11.2011 03:45:28 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x74c, Anwendungsstartzeit
01cca36a890b16d3.
Error - 15.11.2011 12:10:03 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul comctl32.dll, Version 6.10.6002.18305, Zeitstempel
0x4c7d2463, Ausnahmecode 0xc0000409, Fehleroffset 0x00024965, Prozess-ID 0x9ac,
Anwendungsstartzeit 01cca39f40cc15a4.
Error - 15.11.2011 15:08:23 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_Dnscache, Version 6.0.6001.18000,
Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel
0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x0003de2d, Prozess-ID 0x5dc,
Anwendungsstartzeit 01cca393fc7e5eda.
Error - 15.11.2011 18:45:00 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
0x4d76255d, fehlerhaftes Modul comctl32.dll, Version 6.10.6002.18305, Zeitstempel
0x4c7d2463, Ausnahmecode 0xc0000409, Fehleroffset 0x00024965, Prozess-ID 0x374,
Anwendungsstartzeit 01cca39531f80c54.
[ System Events ]
Error - 15.11.2011 08:40:09 | Computer Name = Irina-PC | Source = DCOM | ID = 10010
Description =
Error - 15.11.2011 08:43:43 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 15:08:36 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.11.2011 20:38:49 | Computer Name = Irina-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 16.11.2011 05:52:08 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
16.11.2011, 15:05
| #5 |
| | Nerviger Skriptfehler von startsear.ch Es ist sehr seltsam, wenn ich versuche meine Antwort, also die Logfeils hier auf der Seite und meinen Beiträgen aufzurufen, da spinnt mein Rechner wie verrückt, ich kann sie gar nicht sehen, weil die Seite springt.. Ich versuche noch mal die Log feils zu posten. |
|
16.11.2011, 15:42
| #6 |
| /// Malware-holic | Nerviger Skriptfehler von startsear.ch hiho achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
SRV - (RoxLiveShare9) -- File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647SearchSource=3q={searchTerms}"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-
9243-26FF581438AF} - No CLSID value found
O33 - MountPoints2\{94e22d13-2054-11df-aa2f-001b2492bc45}\Shell\AutoRun\command - "" = PRVA\\\\\\\\\\STRANA.exe
O33 - MountPoints2\{94e22d13-2054-11df-aa2f-001b2492bc45}\Shell\explore\command - "" = PRVA\\\\\\\\\\\\STRANA.exe
O33 - MountPoints2\{94e22d13-2054-11df-aa2f-001b2492bc45}\Shell\open\command - "" = PRVA\\\\\\\\\\\\STRANA.exe
O33 - MountPoints2\{b15157a1-4896-11df-ba74-001b2492bc45}\Shell\AutoRun\command - "" = G:\IVANA/danilovic.exe
O33 - MountPoints2\{b15157a1-4896-11df-ba74-001b2492bc45}\Shell\open\command - "" = G:\IVANA/danilovic.exe
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ --> Nerviger Skriptfehler von startsear.ch |
|
16.11.2011, 16:32
| #7 |
| | Nerviger Skriptfehler von startsear.ch Ich habe alles getan wie oben gesagt wurde und mitten drin meldete Windows, dass OTL nicht mehr richtig ausgeführt werden kann und wird geschlossen, dann passierte nichts mehr, nur der schwarze Bildschirm. Ich habe den Comp aus und angemacht und dasselbe noch mal gemacht. Wieder dieselbe meldung von Windows  Soll ich vielleicht OTL noch mal installieren? Hilfe!  )) |
|
16.11.2011, 16:34
| #8 |
| /// Malware-holic | Nerviger Skriptfehler von startsear.ch ne, erst mal folgendes: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.11.2011, 17:36
| #9 |
| | Nerviger Skriptfehler von startsear.ch danke schön, ich habe alles getan und hier ist die logdatei: Combofix Logfile: Code:
ATTFilter ComboFix 11-11-15.06 - Irina 16.11.2011 17:02:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.1132 [GMT 1:00]
ausgeführt von:: c:\users\Irina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AcRemoteUpdate.exe
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\TaskScheduler.dll
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\users\Irina\AppData\Roaming\inst.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-16 bis 2011-11-16 ))))))))))))))))))))))))))))))
.
.
2011-11-16 16:11 . 2011-11-16 16:12 -------- d-----w- c:\users\Irina\AppData\Local\temp
2011-11-16 16:11 . 2011-11-16 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 15:00 . 2011-11-16 15:00 -------- d-----w- C:\_OTL
2011-11-16 14:07 . 2011-11-16 15:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BDCAEEF-03CC-477C-A880-6B31E001BFF1}\offreg.dll
2011-11-15 21:37 . 2011-11-15 21:37 -------- d-----w- c:\users\Irina\AppData\Roaming\Malwarebytes
2011-11-15 21:37 . 2011-11-15 21:37 -------- d-----w- c:\programdata\Malwarebytes
2011-11-15 21:37 . 2011-11-15 21:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-15 21:37 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 13:02 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BDCAEEF-03CC-477C-A880-6B31E001BFF1}\mpengine.dll
2011-11-12 21:25 . 2011-11-12 21:25 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-12 17:01 . 2011-11-12 17:01 -------- d-----w- c:\programdata\Gibraltar
2011-11-12 13:40 . 2011-11-12 13:40 -------- d-----w- c:\users\Irina\AppData\Local\assembly
2011-11-12 12:30 . 2011-11-12 12:38 -------- d-----w- c:\program files\Free Window Registry Repair
2011-11-10 15:15 . 2011-11-10 19:13 -------- d-----w- c:\users\Irina\AppData\Roaming\Swiss Academic Software
2011-11-10 12:48 . 2011-11-10 12:48 -------- d-----w- c:\program files\Citavi 3
2011-11-10 12:43 . 2011-11-10 12:49 -------- d-----w- c:\programdata\Swiss Academic Software
2011-11-10 12:18 . 2011-11-10 12:18 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2011-11-10 12:08 . 2011-11-10 12:21 -------- d-----w- c:\windows\B0BF705768694E4B920CEA2A58DA07F0.TMP
2011-11-09 16:52 . 2011-11-09 16:53 -------- d-----w- c:\program files\LECTURNITY Player
2011-11-09 05:07 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 05:06 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:06 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-02 18:33 . 2011-11-02 18:33 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-01 20:07 . 2011-11-01 20:07 -------- d-----w- c:\program files\SopCast
2011-11-01 18:26 . 2011-11-01 18:26 -------- d-----w- c:\users\Irina\AppData\Roaming\Amazon
2011-11-01 18:20 . 2011-11-01 18:20 -------- d-----w- c:\program files\Amazon
2011-10-29 07:59 . 2011-10-29 07:59 -------- d-----w- c:\users\Irina\AppData\Local\NewSoft
2011-10-23 11:09 . 2011-10-23 11:09 -------- d-----w- c:\program files\Common Files\Java
2011-10-18 16:12 . 2011-10-18 16:12 -------- d-----w- c:\users\Irina\AppData\Roaming\Avira
2011-10-18 16:11 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-18 16:11 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-18 16:11 . 2011-10-18 16:11 -------- d-----w- c:\programdata\Avira
2011-10-18 16:11 . 2011-10-18 16:11 -------- d-----w- c:\program files\Avira
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 08:37 . 2011-07-10 21:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2009-12-20 18:44 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-09 11:32 . 2011-10-09 11:32 69632 ----a-r- c:\users\Irina\AppData\Roaming\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2011-10-09 11:32 . 2011-10-09 11:32 413696 ----a-r- c:\users\Irina\AppData\Roaming\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2011-10-09 11:32 . 2011-10-09 11:32 413696 ----a-r- c:\users\Irina\AppData\Roaming\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2011-10-09 11:32 . 2011-10-09 11:32 413696 ----a-r- c:\users\Irina\AppData\Roaming\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\ARPPRODUCTICON.exe
2011-10-03 03:06 . 2010-04-15 08:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30 . 2011-10-13 06:05 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 08:10 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 08:10 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 08:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 16:15 . 2011-10-13 06:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 06:04 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-13 06:04 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-13 06:04 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-16 08:42 . 2011-08-05 13:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-06-22 03:02 252832 ----a-w- c:\program files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar_DE\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-11-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-03-02 47360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-28 722416]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 18:40]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 18:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\uxnp83zv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
AddRemove-AutocompletePro2_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-16 17:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-11-16 17:18:16
ComboFix-quarantined-files.txt 2011-11-16 16:18
.
Vor Suchlauf: 2.660.659.200 Bytes frei
Nach Suchlauf: 2.641.063.936 Bytes frei
.
- - End Of File - - FCDD0BED29E000679B011DB41C9AF314
|
|
16.11.2011, 17:45
| #10 |
| /// Malware-holic | Nerviger Skriptfehler von startsear.ch sieht gut aus lade den CCleaner standard: CCleaner Download - CCleaner 3.12.1572 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.11.2011, 20:24
| #11 |
| | Nerviger Skriptfehler von startsear.ch Ich hoffe, dass ich es richtig verstanden habe Adobe Flash Player 10 Plugin Adobe Systems Incorporated 09.07.2011 10.3.181.26 nötig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.10.2011 11.0.1.152 nötig Adobe Reader X (10.1.1) - Deutsch Adobe Systems Incorporated 01.11.2011 119,0MB 10.1.1 nötig Amazon MP3-Downloader 1.0.9 31.10.2011 2,56MB unnötig ArcSoft PhotoStudio 5.5 ArcSoft 08.05.2011 25,0MB unnötig Ask Toolbar Ask.com 12.09.2011 3,71MB 1.13.1.0 unnötig Avira Free Antivirus Avira 24.10.2011 70,1MB 12.0.0.861 nötig Bing Bar Microsoft Corporation 22.05.2011 1,08MB 6.0.2156.0 unnötig BlackBerry Desktop Software 6.1 Research in Motion Ltd. 08.10.2011 99,8MB 6.1.0.35 nötig Canon CanoScan Toolbox 5.0 08.05.2011 8,88MB nötig CanoScan LiDE 600F 08.05.2011 3,93MB nötig CCleaner Piriform 15.11.2011 4,13MB 3.12 nötig Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 09.11.2011 11,6MB 5.0.6 nötig Citavi Swiss Academic Software 09.11.2011 62,9MB 3.1.15.0 nötig Conduit Engine Conduit Ltd. 13.01.2011 3,82MB unnötig DVDFab 8.0.6.7 (02/01/2011) Fengtao Software Inc. 02.01.2011 38,3MB unnötig EasyBits GO EasyBits Media 16.06.2011 10,7MB unnötig EPSON Scan 04.01.2010 5,52MB nötig EPSON-Drucker-Software SEIKO EPSON Corporation 04.01.2010 nötig EXMARaLDA 1.7 Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland 18.05.2011 83,4MB nötig Free Window Registry Repair 11.11.2011 2,14MB unnötig GMX Softwareaktualisierung 1&1 Mail & Media GmbH 18.04.2011 1,44MB 2.0.0.8 unnötig Intel(R) Graphics Media Accelerator Driver 19.12.2009 nötig Java DB 10.6.2.1 Oracle 09.04.2011 29,9MB 10.6.2.1 nötig Java(TM) 6 Update 29 Sun Microsystems, Inc. 13.04.2010 94,5MB 6.0.290 nötig Java(TM) SE Development Kit 6 Update 24 Oracle 19.04.2011 138,3MB 1.6.0.240 nötig K-Lite Codec Pack 5.7.0 (Standard) 06.03.2010 36,7MB 5.7.0 unnötig LECTURNITY Player imc AG 08.11.2011 83,8MB 4.0.0000 nötig Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 14.11.2011 6,76MB 1.51.2.1300 nötig Mein Gutscheincode Finder 1.0.0.0 Conversion One GmbH 11.08.2011 1,91MB 1.0.0.0 unnötig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 20.12.2009 37,0MB nötig Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 19.12.2009 37,0MB nötig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 120,3MB 4.0.30319 nötig Microsoft Office Enterprise 2007 Microsoft Corporation 02.03.2010 650MB 12.0.6425.1000 nötig Microsoft Office File Validation Add-In Microsoft Corporation 13.09.2011 7,92MB 14.0.5130.5003 nötig Microsoft Office Outlook Connector Microsoft Corporation 06.07.2011 3,36MB 14.0.5118.5000 nötig Microsoft Office Word Viewer 2003 Microsoft Corporation 13.09.2011 11.0.8173.0 nötig Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 17.04.2010 7,77MB 8.0.50727.42 nötig Microsoft Silverlight Microsoft Corporation 12.10.2011 60,1MB 4.0.60831.0 nötig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.07.2011 1,74MB 3.1.0000 nötig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.61001 nötig Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 19.01.2010 0,19MB 9.0.30729.4148 nötig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,58MB 9.0.30729.5570 nötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 08.10.2011 1,41MB 9.0.21022 nötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.12.2009 0,58MB 9.0.30729 nötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 17.04.2010 0,58MB 9.0.30729.4148 nötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161 nötig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.10.2011 12,3MB 10.0.40219 nötig Mozilla Firefox 7.0.1 (x86 de) Mozilla 15.10.2011 34,2MB 7.0.1 nötig MSXML 4.0 SP2 (KB927978) Microsoft Corporation 18.04.2010 34,00KB 4.20.9841.0 unbekannt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.04.2010 34,00KB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.04.2010 1,34MB 4.20.9876.0 unbekannt Noise Reduction Plug-in 2.0i Sony 27.07.2011 5,30MB 2.0.455 unnötig Phase 5 HTML-Editor Systemberatung Schommer 18.01.2011 3,72MB 5.6.2.3 unnötig Presto! PageManager 7.15.14 NewSoft 08.05.2011 160,0MB 7.15.14G nötig ScanSoft OmniPage SE 4.0 Nuance Communications, Inc. 08.05.2011 154,7MB 15.00.0020 nötig Skype™ 5.5 Skype Technologies S.A. 14.10.2011 17,0MB 5.5.124 nötig SopCast 2.0.4 SopCast.com 31.10.2011 8,57MB 2.0.4 unbekannt Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 29.01.2010 29,7MB 9.0.0 nötig TomTom HOME 2.8.2.2264 TomTom 16.07.2011 49,0MB 2.8.2.2264 nötig TomTom HOME Visual Studio Merge Modules TomTom International B.V. 16.07.2011 1,88MB 1.0.2 nötig Uninstall 1.0.0.1 04.05.2011 25,6MB unbekannt uTorrentBar_DE Toolbar uTorrentBar_DE 13.01.2011 3,97MB 6.2.7.3 unnötig Veetle TV Veetle, Inc 12.09.2011 9,89MB 0.9.18 unbekannt VLC media player 1.0.3 VideoLAN Team 22.01.2010 73,1MB 1.0.3 nötig vShare.tv plugin 1.3 vShare.tv, Inc. 26.09.2011 0,58MB 1.3 unbekannt Windows Live Essentials Microsoft Corporation 07.07.2011 15.4.3538.0513 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 06.07.2011 5,58MB 15.4.5722.2 unbekannt Windows Media Player Firefox Plugin Microsoft Corp 08.05.2010 0,29MB 1.0.0.8 nötig WinRAR 27.02.2010 3,79MB nötig |
|
16.11.2011, 20:34
| #12 |
| | Nerviger Skriptfehler von startsear.ch Der Fehler ist verschwunden!!! Danke schön!!! |
|
16.11.2011, 20:40
| #13 |
| /// Malware-holic | Nerviger Skriptfehler von startsear.ch deinstaliere: Amazon MP3-Downloader ArcSoft Ask Toolbar Bing Bar Conduit DVDFab EasyBits Free Window Registry Repair GMX Softwareaktualisierung bitte alle java versionen außer: Java(TM) 6 Update 29 K-Lite Mein Gutscheincode Finder Noise Reduction Phase 5 uTorrentBar_DE Veetle vShare Windows Live falls du davon nichts nutzt, alles weg. bereinige mit dem ccleaner
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.11.2011, 21:27
| #14 |
| | Nerviger Skriptfehler von startsear.ch Vielen herzlichen Dank für die super schnelle und kompetente Hilfe!!! Ich werde mein beschiedenes Danke schön als Unterstützung dieser Platform gleich überweisen  |
|
17.11.2011, 11:43
| #15 |
| /// Malware-holic | Nerviger Skriptfehler von startsear.ch man dankt :-) öffne otl klicke bereinigen pc startet neu, löscht einige der verwendeten tools. wollen wir das system noch absichern?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Nerviger Skriptfehler von startsear.ch |
| bericht, bösartige, dateien, entfernt, explorer, fehler, files, hijack, hijack.startpage, hilfe!, hilfe!!, installiert, malwarebytes, microsoft, minute, nervige, not, schädling, schön, service, skriptfehler, software, spring, startsear.ch, system, version, verzeichnisse |
Linear-Darstellung
