
Pests of all kinds and how to combat them: BKA Trojan and more found with Malwarebytes


 
02.08.2012, 20:42   #1
Kaddda
 

BKA Trojan and more found with Malwarebytes



Hello everyone,
since yesterday I too have become a victim of the BKA Trojan, without really knowing how, and I am completely inexperienced in getting rid of something like this. So I could use some help.
The Trojan locked my desktop after I had had the browser open for a few seconds. So I had Malwarebytes run a scan (in normal mode, not safe mode, because when booting in safe mode my laptop did not get past a certain file). I loaded the malware database "offline" using mbam-rules.exe. The program found quite a few things, which I moved to quarantine. After a restart I was then able to get online again without any obstruction. Because I was not sure how current the malware database was, I quickly updated Malwarebytes online and started a 2nd scan.
The two scans produced:
The Malwarebytes log files:
1st run:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINA-PC [Administrator]

01.08.2012 23:11:46
mbam-log-2012-08-01 (23-11-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 523442
Laufzeit: 3 Stunde(n), 11 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent) -> Bösartig: (C:\Users\Katharina\AppData\Roaming\appconf32.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\Windows\system32\userinit.exe,C:\Users\Katharina\AppData\Roaming\appconf32.exe,) Gut: (userinit.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\Katharina\AppData\Local\Temp\5rEURRYE.exe.part (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_art-of-illusion.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_cdburnerxp-pro.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_cdrtfe.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_deepburner.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_google-sketchup.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Katharina\AppData\Local\Temp\deo0_sar.exe (Spyware.Zbot.DG) -> Löschen bei Neustart.
C:\Program Files\php\php-5.3.5\ext\standard\tests\file\windows_acls\tiny.exe (RiskWare.TinyPE.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katharina\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
2nd run:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINA-PC [Administrator]

01.08.2012 23:11:46
mbam-log-2012-08-01 (23-11-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 523442
Laufzeit: 3 Stunde(n), 11 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent) -> Bösartig: (C:\Users\Katharina\AppData\Roaming\appconf32.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\Windows\system32\userinit.exe,C:\Users\Katharina\AppData\Roaming\appconf32.exe,) Gut: (userinit.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\Katharina\AppData\Local\Temp\5rEURRYE.exe.part (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_art-of-illusion.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_cdburnerxp-pro.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_cdrtfe.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_deepburner.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Downloads\Software\SoftonicDownloader_fuer_google-sketchup.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Katharina\AppData\Local\Temp\deo0_sar.exe (Spyware.Zbot.DG) -> Löschen bei Neustart.
C:\Program Files\php\php-5.3.5\ext\standard\tests\file\windows_acls\tiny.exe (RiskWare.TinyPE.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katharina\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The OTL Quick Scan produced this:
OTL.txt:
Code:
OTL logfile created on: 02.08.2012 20:47:28 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Katharina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,25% Memory free
4,23 Gb Paging File | 3,07 Gb Available in Paging File | 72,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 60,09 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 1,68 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
 
Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.02 18:12:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
PRC - [2012.05.08 20:41:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:41:31 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 20:41:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:41:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.27 14:34:54 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.24 22:16:56 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010.05.02 14:23:58 | 000,212,992 | ---- | M] () -- C:\Program Files\Hotkey Master\HotkeyMaster.exe
PRC - [2010.03.20 00:08:33 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.02 14:23:58 | 000,212,992 | ---- | M] () -- C:\Program Files\Hotkey Master\HotkeyMaster.exe
MOD - [2007.09.30 20:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007.09.30 20:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007.09.30 20:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007.09.30 20:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007.09.30 20:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
MOD - [2007.08.14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.29 21:39:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.28 10:38:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 20:41:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:41:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.24 22:16:56 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.08.02 20:32:21 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\mrwuqood.sys -- (wwcthm)
DRV - [2012.05.08 20:41:38 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:41:38 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.17 15:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.11.17 15:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.11.17 15:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.22 13:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.01.22 13:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.09.10 00:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.07.11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.03 11:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.07 04:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.16 23:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {DE0A07AA-BDB3-475C-AB03-039789E444B3}
IE - HKLM\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=102e6be4000000000000001f3a45c694
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=102e6be4000000000000001f3a45c694
IE - HKCU\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.20 00:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011.08.27 14:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.19 15:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Katharina\AppData\Roaming\14001.007 [2012.07.30 16:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 21:39:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 22:45:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Katharina\AppData\Roaming\14001.007 [2012.07.30 16:16:43 | 000,000,000 | ---D | M]
 
[2010.03.19 22:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Extensions
[2012.07.20 07:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions
[2010.05.03 11:52:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.03 20:32:30 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012.06.28 20:03:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.04 00:17:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.30 23:15:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\engine@conduit.com
[2012.06.29 22:33:12 | 000,000,853 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\11-suche.xml
[2012.06.29 22:33:12 | 000,002,209 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 22:33:11 | 000,010,506 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\gmx-suche.xml
[2012.06.29 22:33:12 | 000,002,368 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\lastminute.xml
[2012.06.29 22:33:11 | 000,005,489 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\webde-suche.xml
[2012.06.11 20:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.05.05 11:00:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.30 16:16:43 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KATHARINA\APPDATA\ROAMING\14001.007
[2012.07.20 07:16:46 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HK9Q3KG1.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.05.26 08:57:03 | 000,115,451 | ---- | M] () (No name found) -- C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HK9Q3KG1.DEFAULT\EXTENSIONS\{268AD77E-CFF8-42D7-B479-DA60A7B93305}.XPI
[2012.06.29 22:32:57 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HK9Q3KG1.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.29 21:39:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.25 11:09:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.25 12:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2009.10.26 16:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.13 22:27:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 20:31:17 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.13 22:27:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 22:27:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.20 00:26:21 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.02.13 22:27:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 22:27:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 22:27:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyMaster] C:\Program Files\Hotkey Master\HotkeyMaster.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey Master.lnk = C:\Program Files\Hotkey Master\HotkeyMaster.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Katharina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Katharina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Katharina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Katharina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\StepOne\bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7EB2489-4512-4418-831E-06F83B56AE0D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3A04A0-F023-46A4-B61A-61A52850D1EC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 20:45:53 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
[2012.08.01 22:55:27 | 000,000,000 | ---D | C] -- C:\archive_db
[2012.08.01 22:51:07 | 000,000,000 | ---D | C] -- C:\Neuer Ordner 1
[2012.08.01 22:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012.08.01 22:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012.08.01 22:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.08.01 22:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012.08.01 22:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012.08.01 21:12:05 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\Malwarebytes
[2012.08.01 21:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.01 21:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.01 21:11:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.01 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 18:07:47 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\UAs
[2012.07.30 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\14001.007
[2012.07.29 20:16:49 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\13001.031
[2012.07.29 20:16:07 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\xmldm
[2012.07.29 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\kock
[2009.11.21 17:54:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Katharina\AppData\Roaming\pcouffin.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Katharina\AppData\Roaming\*.tmp files -> C:\Users\Katharina\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 20:45:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 20:41:07 | 000,634,424 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.02 20:41:07 | 000,601,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.02 20:41:07 | 000,128,122 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.02 20:41:07 | 000,105,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.02 20:32:21 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mrwuqood.sys
[2012.08.02 20:04:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.02 19:20:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 19:20:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 18:12:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
[2012.08.02 17:22:24 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.08.02 17:21:09 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 17:20:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 17:20:38 | 2146,406,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 23:03:02 | 000,007,916 | ---- | M] () -- C:\Users\Katharina\AppData\Local\d3d9caps.dat
[2012.08.01 22:32:41 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2012.08.01 21:11:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.01 18:23:00 | 000,192,000 | ---- | M] () -- C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.31 15:26:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 15:25:43 | 000,001,863 | ---- | M] () -- C:\Users\Katharina\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.31 15:25:43 | 000,001,792 | ---- | M] () -- C:\Users\Katharina\Desktop\Avira DE-Cleaner.lnk
[2012.07.31 14:07:22 | 000,000,034 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\blckdom.res
[2012.07.30 16:16:32 | 000,006,400 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\BAcroIEHelpe178.dll
[2012.07.19 22:29:18 | 000,543,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Katharina\AppData\Roaming\*.tmp files -> C:\Users\Katharina\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.02 20:32:21 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mrwuqood.sys
[2012.08.01 22:32:41 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2012.08.01 21:11:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 15:19:14 | 000,001,863 | ---- | C] () -- C:\Users\Katharina\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.31 15:19:14 | 000,001,792 | ---- | C] () -- C:\Users\Katharina\Desktop\Avira DE-Cleaner.lnk
[2012.07.31 13:32:57 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.30 16:16:32 | 000,006,400 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\BAcroIEHelpe178.dll
[2012.07.29 20:16:19 | 000,000,034 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\blckdom.res
[2012.05.15 23:09:51 | 000,077,824 | R--- | C] () -- C:\Windows\System32\sasperf.dll
[2012.03.18 00:15:21 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.06.01 23:39:56 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2011.02.28 18:59:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.02.06 00:03:13 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011.01.30 21:36:58 | 000,000,239 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\prefsdb.dat
[2010.12.19 17:39:40 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.12.08 21:34:42 | 000,003,492 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\kat.xml
[2010.12.08 21:29:03 | 000,001,125 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\users.xml
[2010.09.14 20:54:05 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.09.14 20:54:05 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.04.24 09:27:52 | 000,017,408 | ---- | C] () -- C:\Users\Katharina\AppData\Local\WebpageIcons.db
[2010.04.16 21:26:51 | 000,000,136 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\wklnhst.dat
[2010.04.08 20:59:50 | 000,007,916 | ---- | C] () -- C:\Users\Katharina\AppData\Local\d3d9caps.dat
[2009.11.21 17:54:55 | 000,087,608 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\inst.exe
[2009.11.21 17:54:55 | 000,007,887 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\pcouffin.cat
[2009.11.21 17:54:55 | 000,001,144 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\pcouffin.inf
[2009.09.21 22:06:33 | 000,138,409 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.21 22:06:33 | 000,138,409 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.18 21:46:40 | 000,027,715 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\nvModes.001
[2009.09.18 21:46:30 | 000,027,715 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\nvModes.dat
[2009.09.17 21:52:27 | 000,192,000 | ---- | C] () -- C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.07.29 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\13001.031
[2012.07.30 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\14001.007
[2012.04.09 18:15:32 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\4 Friends Games
[2012.04.09 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Alawar
[2012.02.19 13:45:18 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Alawar Entertainment
[2012.04.07 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\AlawarEntertainment
[2011.05.25 21:23:59 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Amazon
[2012.03.31 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Anuman
[2012.04.06 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Artogon
[2011.08.16 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Auslogics
[2011.10.04 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Babylon
[2012.02.19 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Big Fish Games
[2010.05.13 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\BITS
[2010.03.07 23:56:16 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Canneverbe Limited
[2012.04.01 00:26:48 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Casual Box
[2012.03.31 01:28:14 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Deep Shadows
[2012.05.15 18:57:18 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DeepBurner
[2012.03.19 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DesktopIconForAmazon
[2012.04.29 10:30:49 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DVDVideoSoft
[2011.11.02 13:02:39 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.02 21:59:21 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\EleFun Games
[2012.05.28 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\EndNote
[2012.02.19 13:51:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\ERS Game Studios
[2010.03.20 12:05:43 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FlashGet
[2010.05.13 10:27:03 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FlashGetBHO
[2010.05.13 10:27:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FlashgetSetup
[2012.05.27 15:30:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Free Download Manager
[2012.04.08 23:53:45 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Friday's games
[2012.05.06 13:26:56 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GameDevo
[2012.04.03 00:21:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GameInvest
[2012.04.06 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GameMill Entertainment
[2012.04.09 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GO Games
[2012.03.31 17:36:00 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\HitPoint Studios
[2010.03.19 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\IrfanView
[2012.03.08 23:24:37 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Jason Robitaille
[2010.03.19 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\KLS Soft
[2012.07.29 20:16:06 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\kock
[2012.04.29 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Lazy Turtle Games
[2012.03.30 23:47:11 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\MagicIndie
[2012.03.31 12:17:19 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Mariaglorum
[2010.03.19 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Mp3tag
[2012.04.09 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\My Games
[2012.04.10 22:29:32 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Natural Threat.Ominous Shores
[2010.04.16 23:04:27 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\OpenOffice.org
[2012.04.10 22:31:47 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Orneon
[2010.05.21 22:27:50 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\SanDisk
[2012.05.16 00:17:57 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\SAS
[2012.03.30 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Top Evidence
[2012.07.31 14:06:11 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\UAs
[2012.03.31 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Vogat Interactive
[2010.03.07 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Vso
[2012.07.31 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\xmldm
[2012.03.20 00:28:40 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\YoudaGames
[2011.08.15 22:03:48 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Zylom
[2012.08.02 17:19:28 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A60D0FA6
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:40EE25BB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2D2461E7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:109734F6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F5B51004
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:98982C88
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57176330
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E2CFA9CD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C5DC2B0C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:51F17BB8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5197985B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:32FFF2D1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:29F0CA7D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E411AA0D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DB2748F7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:CF61CE5A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A4E7D25F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3D36932D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2AF322BF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:26499772
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:1CB96B16
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0F0A5896
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:29861223
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:9491C9C7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EF0C5444
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D055FC10
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CDCDE97C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6378B6B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C4A88D6B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BD34FFC5
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:AEBC40EC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3E06C78F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:124B94C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:57B2B96C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:45912F61
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A56D6987
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:2BC498A4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:E690114B
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:5E9B629B
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:0ED4AC2F

< End of report >
         
Extra.txt
Code:
OTL Extras logfile created on: 02.08.2012 20:47:28 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Katharina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,25% Memory free
4,23 Gb Paging File | 3,07 Gb Available in Paging File | 72,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 60,09 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 1,68 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
 
Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\Foto Paradies\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Foto Paradies] -- "C:\Program Files\dm\Foto Paradies\Foto Paradies.exe" "%1" ()
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3562765014-649757542-1335759542-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Users\Katharina\AppData\Roaming\FlashgetSetup\fgmini.exe" = C:\Users\Katharina\AppData\Roaming\FlashgetSetup\fgmini.exe:*:Enabled:fg_ol_silent -- (Flashget)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F49504-9DCE-4529-856E-9612B340658A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0DE8BA26-F409-4871-ACBC-098FE18B604E}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{22959358-BAC2-4A77-BBD2-6C95E322CD46}" = lport=139 | protocol=6 | dir=in | app=system | 
"{38E628C1-B1EF-41C4-BB14-6B9A31D72758}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{4A474972-DF22-450F-ADCF-90E01D49FC51}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{4F8C56AD-16C1-49DE-B140-909F753F96EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5A4A1824-B3B9-4A19-BFE7-02F726CC16FD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{62872685-CEF2-4831-829A-DAAF091D9DC8}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{62F7B970-5C96-4872-875C-C3E4E3900054}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{7AB32694-2CE6-46AD-8D34-321248A102BF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7E7FE525-03FA-4306-AB7E-7532E4632A81}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8F0C0F5F-7C7C-4014-A0ED-F49FCA32E095}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp4c\wnt500x86\rpcsandrasrv.exe | 
"{9BEB168E-5F4D-451E-AF23-6B98D91F409A}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{A2B206AF-C5E9-4470-851E-D5B57E328711}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ACC0E4DC-F283-472B-B203-F4D7D56419C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B2EEA14D-A39B-4479-80AB-C7DDFA9B2183}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BB6FA540-54A9-404A-8895-996BFBDDD9F8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BC8005D2-B851-4EE9-908D-6B24EE69E605}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{BD099054-1D76-41E7-AEA7-D1FDB1BBF44B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CBBD94BF-3F8A-4AB7-AE63-6AFEC3B2E6DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CE4D18E2-6648-46A7-8642-ECDA542A3B7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{CE8F1870-1D30-40C4-AA91-84A821761036}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CF4C1064-B8E1-4D41-9676-FAE93183C4AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D46C3DD8-BA6B-4664-8C39-D60790B67B24}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F049BF66-5A8B-436D-A17D-EE236EE3BA65}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{F62D44D3-815F-44CD-9C9A-91D00B819E16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0076238C-89DD-4F3A-8C95-3C19B5616F17}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{04B1F9E9-16F5-4553-BFE6-DFA562350424}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05E24CD9-223B-474B-9F05-B509A825B1A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{07384987-DD13-474E-862F-366D919761D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08F102F1-FF8A-4961-827D-4B63DF6606D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0CEF96F7-4B2A-41F0-8C7C-9D39B1A16C17}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{0FFD5ABE-9BB4-4873-8EA3-DE25FAA90BED}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{101411EC-DEC5-41CC-A293-3856337040FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1318E709-A2C7-4637-820A-223267751B2C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1392FA11-EFCF-4214-B656-9AE28D8D07DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17F27D3E-35F3-45D2-98DE-7E73B1EC2569}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{194AAE26-41F9-4573-8EEF-CF343ED0D7D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1ECFC0E3-D7D0-475E-BD21-9F5827B790A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{269396CE-59AF-48FD-968F-7C9BACE476AA}" = protocol=6 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe | 
"{2989E04A-50D0-4923-90CC-FC18DFEE2C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C322FD3-D1B2-4777-9A84-13425D2AF471}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D1FA36D-1E54-43D7-AEBE-B729546C78E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3B3CC67A-A535-475D-97A3-3E0A777A08B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4D026394-083F-49F4-9FFA-F6CEE5F0D9ED}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{55C4ADA9-A826-4AC4-8168-0B185F4FE39B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BA15A65-80D9-46B6-83CC-B0D50AABD2C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C1BDBCD-A111-4618-90CA-9FDBEE4144C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{65076D90-E8CF-45CC-A013-A167D76022E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{66074B32-3546-4A4E-A867-A8BD49A81E65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{660E6FF0-5AA0-4740-8781-A37C7B3AACCD}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{711B99CD-C82C-49EE-B4AC-2DEFD2107D7D}" = protocol=17 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe | 
"{741A0EDD-D7E2-4E49-8458-4276EC2211CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{762A0A8D-1D51-4C25-8A7A-2F50DAB81F94}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{76713E1F-972F-430D-84FF-7216B3868CFA}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{791143AE-11E5-4C81-9BC0-E520AAAAAE95}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{7EC15A72-658C-4D2C-96E3-24BB7EFE2611}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8088D790-24DF-4019-84B9-5C84A426B102}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{82BD6292-3753-4C8C-B85B-84D9D47E3E86}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{901582C4-5622-4058-A2BB-3A9244DD236D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{906AA88E-43F2-4416-9EBC-73A535232DE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{978AB02A-46AB-43B9-B11F-617CDA011CB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C2FDA0B-7EF0-4795-8F42-10794E564DAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA3135AD-6724-40EF-88BA-5DE528F98F20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB8212E7-A0B6-4E5E-8615-8C4FF0EC5938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AC9185C9-0E4E-4653-BF91-4E9FE56F4198}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADACD454-D612-4B3D-907C-31DD25441097}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{ADDCA68C-6ADA-4B1E-9ECE-5FB2832F32CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF5D801F-422D-4DA1-BD89-A786D3FBF15E}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{AFC3883B-4C86-4E5D-8E89-19F54C42B15E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2CCD50B-81A7-4170-9679-B42C078B29CF}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{B320D48D-3A9D-4713-81D9-BCF9F96731AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B419EE50-D6C2-4751-83E2-65A2530BFD81}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B7C51C32-A808-45B7-A86A-7CA7680F9601}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7C5A869-DC5E-414A-93BA-9089B9EB44E7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{C8FB9FF2-2EF6-4A93-A547-652A05484348}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC7B51C4-6F1E-415A-AA0E-EE6AB789CA31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CEF34F11-96C1-4991-9F2A-0AF02D83FAAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF633656-7A67-471B-A7C4-9153B4C89A18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D57A1752-4EB7-4CF1-9F75-2C1DD2708DCB}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{DDDE9E29-2ED3-4635-A96B-A847E7F001E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3359551-1E54-4062-A89C-D162F6DFC4E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E439FB9B-A48A-488C-A816-54C7CD46256B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E64CC4F6-34F5-4422-ACCA-6B7FB4FAA276}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E84E99AF-5FCA-41C8-95B4-C90FF9CD38C0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E8C98FBD-D254-4665-A082-8837AD91333B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC9D8470-B581-41B4-B3A9-C9DF0CBF04AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECF2E487-025B-4DF9-8CC8-833359FBDAD3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFEB2251-76DE-4172-B47A-EA410920546B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F2CE2DC6-F90B-4C9B-9187-8E12BB617A50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F46BE57C-49E5-4BEF-A94B-CED88BEC177D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F955D700-E67F-484D-9AF5-2AAF89E5C8B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD892BC0-A28D-4F24-9DA4-A8432FC52D68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0D39E007-89FF-404E-AD24-061DBA654DCF}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{2E4C9F8A-A11C-4DCF-A985-7C1B5B781531}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{3D067203-CB5A-4C44-AD77-0451C0249322}C:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe" = protocol=6 | dir=in | app=c:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe | 
"TCP Query User{49D2FB28-55D8-4A22-BA75-2F7749E07C94}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | 
"TCP Query User{756DCAAE-0394-4EBA-A400-81CC6DF33244}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{B62ACAE4-AA04-4EFA-BE73-8B60BEC45E34}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | 
"TCP Query User{BD3C3FAA-E9D7-4FD5-B8BE-CC68958197A2}C:\program files\stepone\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\stepone\jre\bin\javaw.exe | 
"TCP Query User{E3ECB558-FEDB-47A5-B2B9-D41FD890B1D3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{17C73EC5-4DF7-4718-8E0C-DCAF2FFCD793}C:\program files\stepone\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\stepone\jre\bin\javaw.exe | 
"UDP Query User{326A1702-710F-4EE1-8AEF-926FBCFA6B16}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | 
"UDP Query User{721FD2D7-848B-43B3-AA56-3EC0598BC9B4}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{93E743AD-7072-4743-97D7-B5C2099DC8BF}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{A1D51BCA-6FDE-4C04-BF9C-A876348D9DBF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{DCA79B49-0AA6-443A-92E5-AFDD94EF34E2}C:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe" = protocol=17 | dir=in | app=c:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe | 
"UDP Query User{DEB3F722-62ED-41F8-9596-75EE249952E1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{E79DD19B-B786-4702-AC7D-F33513AEAEEB}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BBA8AC3-ACD0-4C10-8451-0A79D14227ED}" = JMPProfilerGUISetup
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CEE62F6-9280-4508-BB3B-F1F40F7440C9}" = StepOne Software v2.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79680002-DB49-4811-8CE0-FD84F81E04C6}" = CNAG_3.3.0.0_Beta
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{97EC9C16-6682-4BE4-9122-B48A79006D9A}" = JMP 9
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{99669D61-FF21-4A5D-9DCC-33DBCCCFDCF9}" = SAS Enterprise Guide 4.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4B0BFFE-DADB-4D00-8C8B-26B6EA87FCC5}" = SAS/IML Studio 3.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3699351-FCC8-40C1-BB00-23E555A0E87E}" = JMPProfilerCoreSetup
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9390B82-786C-43CF-A970-D39E23EF0366}" = SAS 9.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-4-2 (All Users)
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BFGC" = Big Fish Games: Game Manager
"BFG-Haunted Legends - Die Pik-Dame" = Haunted Legends: Die Pik-Dame
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3
"DivX Setup" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2
"ffdshow_is1" = ffdshow v1.1.3721 [2011-01-07]
"FormatFactory" = FormatFactory 2.60
"Foto Paradies" = Foto Paradies
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Download Manager_is1" = Free Download Manager 3.0
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5.4
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.0.4.423
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Master" = Hotkey Master
"InstallShield_{6CEE62F6-9280-4508-BB3B-F1F40F7440C9}" = StepOne Software v2.1
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"IrfanView" = IrfanView (remove only)
"KLS Mail Backup_is1" = KLS Mail Backup 1.9.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Micrografx Designer 7" = Micrografx Designer 7
"Micrografx Graphics Suite 2 Enterprise" = Micrografx Graphics Suite 2 Enterprise
"Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7
"Micrografx QuickVector" = Micrografx QuickVector
"Micrografx Simply 3D 2" = Micrografx Simply 3D 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mortimer Beckett and the Time Paradox Deluxe" = Mortimer Beckett and the Time Paradox Deluxe
"Movies" = Movies
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.46
"NVIDIA Drivers" = NVIDIA Drivers
"Photomatix Basic_is1" = Photomatix Basic version 1.0
"Pixum Fotobuch" = Pixum Fotobuch
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"REST 2009_is1" = REST 2009 2.0.13
"Siege of Avalon Chapter 1+" = Siege of Avalon Chapter 1+
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.7
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.2.9
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zattoo4" = Zattoo4 4.0.5
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2012 16:02:36 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x12dc, 
Anwendungsstartzeit 01cd6f576de02e91.
 
Error - 01.08.2012 02:32:39 | Computer Name = Katharina-PC | Source = VSS | ID = 8194
Description = 
 
Error - 01.08.2012 13:51:02 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0xf78, Anwendungsstartzeit
 01cd700e36c951e1.
 
Error - 01.08.2012 13:52:02 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x1164, 
Anwendungsstartzeit 01cd700e5ab97441.
 
Error - 01.08.2012 15:25:34 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x704, Anwendungsstartzeit
 01cd701b6bdeff81.
 
Error - 01.08.2012 15:28:25 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x14d0, 
Anwendungsstartzeit 01cd701bd0ee9481.
 
Error - 01.08.2012 16:50:10 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x1078, 
Anwendungsstartzeit 01cd70273d4b640a.
 
Error - 01.08.2012 17:08:11 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x103c, 
Anwendungsstartzeit 01cd7029c1fc0320.
 
Error - 01.08.2012 17:08:11 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x17b4, 
Anwendungsstartzeit 01cd7029c1f74060.
 
Error - 01.08.2012 17:30:40 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nvcplui.exe, Version 3.9.731.0, Zeitstempel 
0x4e991d0e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x006d8e70,  Prozess-ID 0x12d4, Anwendungsstartzeit
 01cd702cd2a7ce40.
 
[ Media Center Events ]
Error - 18.11.2009 15:36:54 | Computer Name = Katharina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 31.07.2012 13:27:22 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2012 13:46:25 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2012 13:47:16 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 31.07.2012 13:47:17 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.08.2012 16:45:31 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.08.2012 16:58:04 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.08.2012 16:59:29 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 01.08.2012 16:59:29 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.08.2012 17:03:22 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.08.2012 11:22:20 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
My operating system is Vista 32-bit.

What do I need to do next to keep these pests away?

Many, many thanks in advance!
Greetings from Kaddda

 
