
Log analysis and evaluation: Trojan.BHO and other funny stuff

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
25.11.2011, 09:28   #1
ellacacau
 
Trojan.BHO and other funny stuff



Hello,


Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8226
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
23.11.2011 20:50:58
mbam-log-2011-11-23 (20-50-58).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 188258
Laufzeit: 6 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{647D5A4E-78B5-53ED-7E75-1940D1DFFEA4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2C86C605-6081-D104-96F7-F765C20B22F1} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PornPro_BHO.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PornPro_BHO (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{913E9215-EB81-7E43-76E6-FC26E50E264C} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.BrowserWatcher.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.BrowserWatcher (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AF56FD81-28A2-0159-4922-1211155898A9} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PrecacheBrowserHost.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PrecacheBrowserHost (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ShoppingAdsHelper.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingAdsHelper (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Foxicle (Adware.Foxicle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\program files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
c:\Users\Karin\AppData\Roaming\microsoft\Windows\start menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\program files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
         
There are no further log files.



OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 24.11.2011 12:12:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,96% Memory free
6,21 Gb Paging File | 5,14 Gb Available in Paging File | 82,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 208,14 Gb Free Space | 74,72% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32
 
Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.24 12:08:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Downloads\OTL.exe
PRC - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.11.15 08:55:50 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 21:21:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.28 18:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.01.30 17:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.19 17:04:22 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.11 12:12:43 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.07.03 12:43:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 12:43:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.03.23 11:58:14 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.14 12:39:02 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/06 17:11:17] [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.08.28 18:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/11/16 10:19:34] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.02 10:52:50 | 000,175,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2008.09.29 21:29:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2005.08.30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8A2319-425F-4F6A-83ED-D7DE6F1A8B21}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BEFE19-EB18-4821-80AB-0FD89C738699}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADDC20C-0D3A-443F-A3EA-5238F9D39D69}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.23 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Systweak
[2011.11.23 22:35:54 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011.11.23 20:30:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes
[2011.11.23 20:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.23 20:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.23 20:30:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.23 20:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.20 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Paybackcoupons
[2011.11.20 19:20:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\Payback
[2011.11.20 19:18:31 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Betriebsrat
[2011.11.20 18:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.20 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0
[2011.11.20 17:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0
[2011.11.20 17:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2011.11.20 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\StarFinanz
[2011.11.20 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0
[2011.11.19 19:11:00 | 000,000,000 | R--D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.11.19 19:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.19 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.19 18:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.19 18:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.19 18:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.19 17:04:28 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.11.19 17:04:28 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.16 12:37:22 | 000,000,000 | ---D | C] -- C:\MQAReport_q
[2011.11.16 10:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2011.10.28 15:59:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 12:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job
[2011.11.24 11:15:05 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.24 11:14:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 11:14:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 11:14:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.24 11:14:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 23:21:42 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.23 23:07:33 | 000,001,660 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2011.11.23 22:15:15 | 000,000,000 | ---- | M] () -- C:\Users\Karin\defogger_reenable
[2011.11.23 20:30:24 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 10:29:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.22 10:29:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.22 10:29:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.22 10:29:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.21 18:15:18 | 000,472,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.20 18:08:16 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 17:22:39 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.11.19 19:06:52 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.19 18:46:55 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.19 17:51:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.19 17:51:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 17:04:22 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.19 17:04:22 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2011.11.19 16:58:24 | 000,000,105 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\default.pls
[2011.11.19 16:47:31 | 000,006,144 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.15 08:56:22 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.15 08:53:02 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.23 23:02:04 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011.11.23 22:15:15 | 000,000,000 | ---- | C] () -- C:\Users\Karin\defogger_reenable
[2011.11.23 20:30:24 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.20 18:08:16 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 17:22:39 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.11.19 19:06:52 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.19 18:46:55 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.13 09:43:30 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll
[2011.06.28 13:11:23 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.04.03 14:16:46 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{EFFCF240-71E7-4A74-AD20-14C1C3836F69}.dat
[2011.03.11 17:28:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.07.10 17:46:35 | 000,006,144 | ---- | C] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.24 18:29:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.24 18:29:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.13 20:52:54 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll
[2009.03.13 21:51:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.02.22 11:29:41 | 000,000,105 | ---- | C] () -- C:\Users\Karin\AppData\Roaming\default.pls
[2009.02.13 16:44:57 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.02.07 15:07:19 | 000,004,607 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2009.02.07 13:45:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.06 14:30:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.02.06 14:29:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.01 18:13:24 | 000,007,592 | ---- | C] () -- C:\Users\Karin\AppData\Local\d3d9caps.dat
[2009.01.25 14:31:47 | 000,000,511 | ---- | C] () -- C:\Windows\wiso.ini
[2009.01.24 18:12:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.09 20:13:56 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.12.09 20:13:56 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.12.09 20:13:56 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.12.09 20:13:56 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.12.09 13:05:06 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.12.09 12:53:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.12.09 12:53:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE3.sys
[2008.12.09 12:53:30 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2008.12.09 12:53:30 | 000,294,016 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2008.12.09 12:53:30 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE.sys
[2008.12.09 11:25:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.12.10 08:00:00 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,472,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.08.02 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BOM
[2009.05.31 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Buhl Data Service
[2009.01.25 21:15:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BullGuard
[2011.08.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft
[2011.05.22 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.11 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\elsterformular
[2010.12.07 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\gtk-2.0
[2010.04.30 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\K-PACS-Lite
[2011.04.14 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ML
[2010.02.27 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nokia
[2010.02.27 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\PC Suite
[2011.08.16 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\phonostar GmbH
[2011.05.06 20:40:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Samsung
[2010.05.06 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\SparweltGutschein
[2011.11.23 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Systweak
[2010.04.12 09:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Tobit
[2009.01.26 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\TuneUp Software
[2009.05.13 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vodafone
[2011.11.24 09:42:19 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.24 12:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job
 
========== Purity Check ==========
         
Code:
OTL Extras logfile created on: 24.11.2011 12:12:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,96% Memory free
6,21 Gb Paging File | 5,14 Gb Available in Paging File | 82,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 208,14 Gb Free Space | 74,72% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32
 
Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A069D7-066B-450A-AEAA-C981280A53C9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{05D6220F-DF41-4432-8C37-B82E101EAAF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{09912E9B-52A0-431A-973A-6D3F92F21580}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B0E0601-3D0B-4F4C-A983-3E96D804BB31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A2991F1-9F1C-4A7D-9F17-3B80607EE529}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A30A740-EEA1-441E-90BE-8BEFBC485BF7}" = lport=5357 | protocol=6 | dir=in | app=system |
"{225871D0-086A-47F1-8517-5ECF48921AD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{237DE376-D79E-4E98-8A27-9DDB71DDA9C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{23BAE9EA-1B55-4917-9A80-8CBEC6BA8842}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{266D28D2-C6B2-414F-B96B-CDF67C78A5F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{342DEE81-0657-44FC-9505-AC2ABC5E0EE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{361B293E-F7E7-41AF-8D32-671DCB96307B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{368EDBE8-60D8-4349-81BB-A048347E85F4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3887C2C1-8D4C-4523-B532-8E0F46EF6922}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{390CDCB1-3F56-4B00-8038-99B85DE87B7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AB0E24B-10D9-4713-80AC-E4800CEDCCB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3F8F56F5-95E2-4AAA-96A9-8DB70FFC3F60}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45A47686-3453-4DEC-A447-FCE1F3488FAF}" = lport=5358 | protocol=6 | dir=in | app=system |
"{4642C7E0-75B4-4943-A975-63F85AB19144}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49116ED8-380B-458F-A41B-12009CDB7339}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{498648D4-DA1F-4EB8-B84E-0E74EACEC119}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{499FD273-4025-454C-84B4-7C38243F45CA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4AD1ABA8-75A5-4302-B31A-6200A52F8036}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4C8B705A-7886-4FC0-813B-36905212159F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56113B4E-EB3B-4723-983D-1D0AEB3A6862}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5D560D5F-E4A4-407B-B421-9939F7AFB27C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{60B0686F-AB23-4D6E-BD92-A43AB3BC34B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{613700A5-3529-4924-82B4-DA4E28F87F5B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{6270E95A-F0D9-4596-94E5-CD262C02B572}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6452F075-9E19-462B-AA3B-0C8D2BA06447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6936C1B3-AB4C-471E-8988-324397777EF3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C2E790C-67DD-4F4E-853B-D69F7DAAC178}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{6FBC1412-4495-4F14-80D9-7A42B54E0ADE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{73502BD1-5CD2-4BE0-9D23-7C1F143B3983}" = lport=40823 | protocol=17 | dir=in | name=emule |
"{7685F925-44BA-4E81-83B6-B1B21264C8E0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7940E762-55C3-47EE-8051-02FF0EBCD5D2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{79F3C6AF-98AB-4016-BB6F-752810B23783}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D4F780C-F402-4E53-8E9F-2FB9175FA8D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83F8B635-C6B5-410B-9FE1-98BEACAE8AC5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{92E3A5B1-BF5D-483F-BAC6-3CA42EBC85B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{974A9343-8838-4A80-A5B5-3D5B9205861D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9A6C2CE9-9DDE-4FBA-8078-CF7D5FEEA741}" = rport=5358 | protocol=6 | dir=out | app=system |
"{9DEEFCAB-CEBC-464D-B67D-EF721472DD08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F394D8B-29D6-4316-A2C8-2E37B3097513}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F5BE16E-FEEF-4D89-962B-D9287946D786}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A2C7CD6B-1BEC-4B9A-82EC-5568F787F0FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3AB2A0A-09BB-4150-9123-0C8D3D47D656}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{B134D277-D3D3-4274-8F53-E6848F69B0C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B563FE0E-7D0F-4187-A249-BBBCE12CEACC}" = rport=5357 | protocol=6 | dir=out | app=system |
"{BAD5D785-F0F5-4A80-9AF7-0BEFC3968557}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{C0F00A23-0138-4D4A-B7CE-292022DD1B86}" = rport=445 | protocol=6 | dir=out | app=system |
"{C222B250-E58D-44C3-91AA-0DF5FD900A11}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C32EF195-4DD9-4C68-AB1E-B12E6426CE41}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CAC25B60-3FF5-4898-A4C4-1515F97312ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF18FAD4-CA96-4D10-8EF8-15B0D55E44ED}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF3E0DE7-550A-4370-B98B-5E8816FD1203}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D095823F-6398-4862-9581-3E0BBCBFA742}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4008930-367A-4FA1-B559-3659E79B7AFE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE4E1E09-DB42-4F21-ADEF-F171423396E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2511168-59EF-4944-B3D2-F626489B3A1E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E8BD188B-37F8-453F-8319-C42F4B802E28}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EB2C1C73-7721-4745-B698-96FA59065756}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF1E5717-A446-4292-97BF-0D38CA0EBF96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F637582C-D047-4AE9-A5FF-C07FCF414AA6}" = lport=445 | protocol=6 | dir=in | app=system |
"{FB599224-CDD2-47DF-8376-BF062F785EF9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FC5F5518-258E-4039-B5D6-3AFB07AF5687}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013EC4CF-8B13-4611-BCA7-99F7CE4A07BD}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{022D32B1-58AB-405D-841D-0A68050F3B19}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{030F62AF-DE53-42C3-8F70-B95A9422959E}" = protocol=6 | dir=in | app=e:\fsetup.exe |
"{094AC69B-0D83-41F9-8797-93F4930B212C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CFD38CB-72AF-4991-A66A-CC50C805EA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{179C71A3-F798-477D-83CF-CD4340F0FC33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{185C0F07-485F-4D8A-8401-B06DB1D34CD3}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{18CEB5B7-8580-4D8F-BEFF-22B832A63C86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C81244F-1B53-48D4-9A38-A1F3F5E1EBDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DDA5972-DBB8-47FA-A8FC-C6092A0EA20B}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{2F7A52B8-53B0-45AE-935E-64EF5A32B5F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2FF42EC3-2C21-4374-8C40-F89C8E07B24F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{3020A3E7-22E7-40B2-8FF5-8A98D2C392A9}" = protocol=17 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{30645E84-E0DF-4B13-BAD3-3F170A7E7AD1}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{46FBC8DD-4F9E-4822-A7C3-3D7C39CC7405}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{47203123-CC5E-4065-9537-51D442014BB5}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{472D50AE-6907-4C84-A76F-18AD9C532504}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{4A1EE710-742E-4502-9B65-B3493D95551D}" = protocol=17 | dir=in | app=e:\fsetup.exe |
"{4CEFC5D9-4E41-4803-836B-5902F8CE315A}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{4DF030EE-E4F2-4C57-BFF4-89725126CD4C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4FA8C39D-407F-4280-928C-3C2CEDBB7400}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{4FC9228F-BFFF-461D-AAD4-23445DA39B0E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4FFCECB3-3AB1-41E5-8167-3818E7E31FB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50CA6E84-A250-42CE-A57E-F217CBDEA33D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{513157A3-5FB3-4157-B4D8-2B627D801AFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5265AE0E-BB76-4081-904F-C5CEBB72DF6C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{53B00529-AB4A-4183-9C76-8B3988485EC6}" = protocol=6 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{555FDF37-FD79-489E-9886-BFEC22D95E6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E1804C6-697E-4383-BCA3-2FA1D08AF47D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{64671DAC-C4C8-42BA-859A-AC02D6BFEBDF}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{648A1F8D-7861-4720-9736-2FF50F217962}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{64A3ED39-E9B5-494D-8E83-4D48FF2E6B01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{64D21B49-C735-43A8-8279-72A013863D8E}" = protocol=6 | dir=out | app=system |
"{6A408D44-BF7C-4C59-87EE-D41B3FA1CE14}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{6A535726-DDAB-4EA0-82AA-8E2F6AAF2506}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{6C73A5E9-ECDC-4CB3-9DB3-3EBC3E187ABA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{6C7A094F-A4CE-4DE1-94EC-4ECDD35EA9C0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6D0BCED8-5F8D-4855-911E-C26EAEDF8C04}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{7B7708E5-1590-4449-B26F-48091A839A90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D605499-89B5-4BB0-8770-25EBDAE97EFF}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{7ECFC43D-5708-4DBC-8786-9C6FD3352B59}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{7FE1C699-EB9D-485E-B769-CE8BBF42A30B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8218C9FF-4759-462B-B010-5A48AA4B814E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8A73B466-F320-4F79-852F-B0DFF70BB197}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8FCB56A4-6561-4D30-88AB-A5BFA73D34FB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{90D7E835-1FB4-46FD-ADC2-025748278C28}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{9634A17C-F4B1-454A-9D9F-BFB5B5832B0D}" = protocol=6 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{9C4FAD13-5F4D-4E4B-B8F9-F4EA747C68C9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A0A99AC6-C721-40CC-93B9-DEB61A8059FB}" = protocol=17 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{A4D0D82F-5F92-45AA-85FE-67C0F72FD046}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{A71D3663-4321-4AC8-B949-22071ADBFDD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB9CD28F-AFD6-4F22-B9F7-EEFEF266E50C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{ABF9C6C5-C704-4455-BA46-D577C9617859}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AC516A57-1616-4257-AD24-322D7FD19C3B}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{B92C7C80-DE76-472D-B6E7-EF2F53705ACD}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{D20599EA-33A0-4C93-968C-5198E8C3B8AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D3F3DB90-B75E-4968-859E-60B8BE6629AC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DFCCD596-4399-474F-A14B-DE2958B8B2D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E8857001-1203-4CC4-B1DF-FF08D38D6654}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{EFB8A413-2964-4E22-AEC9-9FBB2455F0D1}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{F08B226B-5158-4F9E-BFBD-F46C1B15B9F6}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{F1A75584-0B5B-4691-8142-7723B8C61BA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3971018-CA8B-4910-AD95-01C10C437089}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F825E5AA-B8D0-4767-989F-F0C4FFA066E2}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{F8949F23-B9D7-4AFF-80CC-4616F61B0723}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{FFB73710-1F8D-40BA-AFF0-97899441B17A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0BB6F299-3947-4935-8614-1831C905E257}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{0F6F69CC-2EA7-4BC4-817A-2F55867C6567}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4C08EC06-46DF-4F51-B530-F298CED90029}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{8D0675FA-2716-4478-B9E1-3A33C60992F9}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |
"TCP Query User{A1D3AAED-8815-4F33-AFEE-A950B9BE2BF3}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{B06AB857-A266-4C63-B933-5F639E77B59C}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"TCP Query User{B1EAD652-4820-4F6A-B55F-E7883B241CAF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{BEBFCC43-6434-4A82-993F-78BB44F7D4E7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{C6F4AD5F-25CF-4032-B1D6-8F17C04B0197}C:\program files\simplecenter\home media server.exe" = protocol=6 | dir=in | app=c:\program files\simplecenter\home media server.exe |
"TCP Query User{E1ABF2EC-AC64-49BD-A65D-1361B451EB74}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |
"TCP Query User{ED421BFC-D552-461A-9700-A0FB35C7E498}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{13F9ED1F-105D-45E5-902C-87F18B5A84D3}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{17A96713-461A-4027-AB0A-57CEBD5EADF9}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{1EFEAC83-0121-4A96-B8C3-3A6CBD26DB92}C:\program files\simplecenter\home media server.exe" = protocol=17 | dir=in | app=c:\program files\simplecenter\home media server.exe |
"UDP Query User{3C704716-B88B-4494-A398-2BAF7EC301AD}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |
"UDP Query User{5C3A9EA5-F63C-481D-9F9F-9D651BD9DC1D}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"UDP Query User{7856796D-44B2-4895-9C05-84DA2501A4E0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{79D06EAE-C69F-4722-B7CC-202EAA8F4668}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |
"UDP Query User{8006DEE8-6E59-4104-B221-DC671E1A1521}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CC17D4FE-A7C6-48FF-9CAC-2C834868289E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{D1C98D10-B868-4C8B-883B-C04BB13EF8A1}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"UDP Query User{E50A7AEC-E263-4AAA-B9E8-DE3710BC1131}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{013EFF7A-3F00-485B-9194-DD677C9EAFD5}" = StarMoney 7.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys Logic PC Camera Device
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51031}" = SecurDisc Viewer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83C68799-9E25-498C-B20F-F0FEE2AF3ACC}" = Sparwelt.de Gutschein Alarm
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B145EC69-66F5-11D8-9D75-000129760D75}" = CyberLink MakeDisc
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BFGC" = Big Fish Games Client
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"bwin Casino" = bwin Casino
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"Google Chrome" = Google Chrome
"Home Media Server 4.2.0.32" = Home Media Server 4.2.0.32
"HP OrderReminder" = HP OrderReminder
"hp print screen utility" = hp print screen utility
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tobit Radio.fx Server" = Radio.fx
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"YInstHelper" = Yahoo! Install Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2011 18:09:20 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.11.2011 18:22:04 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 04:26:09 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.11.2011 04:26:12 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 04:26:12 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 06:15:21 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.11.2011 06:15:29 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 06:15:29 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 22.11.2011 16:19:25 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 05:35:47 | Computer Name = 24-01-09-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen
 PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
 im Netzwerk verwendet werden.
 
Error - 23.11.2011 05:36:27 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 15:56:14 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 17:12:14 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 18:08:39 | Computer Name = 24-01-09-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen
 PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
 im Netzwerk verwendet werden.
 
Error - 23.11.2011 18:09:15 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.11.2011 04:26:10 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.11.2011 06:15:21 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
         


GMER keeps crashing...

Kind regards

 
