Log analysis and evaluation: System frozen, crashed, bluescreens and viruses/trojans
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.10.2012, 07:50 | #16 |
/// the machine /// TB trainer | Are you still having any problems with the system that I should address, apart from what I still find in the log?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
14.10.2012, 08:20 | #17 |
| Yes, the screen is frozen, no response anymore! Could that be due to the hardware?
14.10.2012, 08:52 | #18 |
/// the machine /// TB trainer | Is that still the case? Please open OTL, set the "Extra Registry" box to "Use SafeList" and press Scan. Post both log files so that I can take a look at the event logs.
14.10.2012, 14:38 | #19 |
| Yes, it is still like that. Here is the content from OTL:
OTL Logfile: OTL EXTRAS Logfile:
Code:
OTL logfile created on: 14.10.2012 14:43:27 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 74,98% Memory free
3,24 Gb Paging File | 3,01 Gb Available in Paging File | 92,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 365,02 Gb Free Space | 81,89% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.10.08 22:38:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.05 19:18:32 | 000,216,600 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.08.05 19:18:19 | 000,139,840 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) SRV - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.09.07 04:17:48 | 000,071,208 | ---- | M] () [On_Demand | Stopped] -- 
C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService) SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Stopped] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager) SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- 
(DQLWinService) SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\injiojnj.sys -- (brdfnw) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.05 19:19:37 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2012.08.05 19:19:26 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess) DRV - [2012.04.09 15:02:24 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan) DRV - [2012.04.09 
15:01:08 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.03.10 04:14:58 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 1&1 - Telefon-Internet-Flatrates und mobiles Internet IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox IE - HKCU\..\SearchScopes\{528E6CA1-57D6-4DAE-8B80-1C83C74D6542}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7MEDA_de IE - HKCU\..\SearchScopes\{73A1DCF5-99D7-4C03-B6AE-C225AB842EBF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = Suche IE - HKCU\..\SearchScopes\{E57BF21B-23A5-4E45-8D21-7B4D48A065FA}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.23 14:42:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter O1 HOSTS File: ([2012.10.10 20:09:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! 
Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found. O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\1&1\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: 
{7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB635D00-411D-4383-B27A-33B7FDFB8462}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.13 13:44:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.13 13:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.11 18:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.10 20:09:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.10 19:34:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.10 19:34:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.10 19:34:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.10 19:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.10 19:32:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.10 19:30:49 | 004,766,088 | R--- | C] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.07 17:42:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:15:04 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.07 17:15:04 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.06 12:41:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.04 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.10.04 20:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.04 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.04 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.04 19:51:50 | 000,000,000 | ---D | C] -- C:\AMD
[2012.09.30 12:28:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.25 20:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 20:26:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.23 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012.09.23 13:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 13:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.14 14:38:54 | 000,637,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.14 14:38:54 | 000,603,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.14 14:38:54 | 000,130,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.14 14:38:54 | 000,107,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.14 14:34:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 13:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 12:31:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 12:31:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 18:58:28 | 224,451,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 20:09:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.10 19:30:51 | 004,766,088 | R--- | M] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | M] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.08 22:38:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.08 22:38:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 18:35:01 | 000,302,592 | ---- | M] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 14:44:31 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:57 | 000,000,300 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 13:12:33 | 000,007,298 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:11 | 000,017,624 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.04 19:59:21 | 000,008,592 | ---- | M] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2012.10.01 18:21:28 | 000,000,392 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 20:54:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.30 20:54:35 | 000,001,355 | ---- | M] () -- C:\Windows\WISO.INI
[2012.09.30 11:58:19 | 000,000,432 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:35 | 000,000,836 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:11 | 000,001,182 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:46:36 | 000,383,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 17:02:03 | 000,004,884 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:01:21 | 000,237,094 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.10 19:34:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.10 19:34:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.10 19:34:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.10 19:34:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.10 19:34:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | C] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.07 18:35:01 | 000,302,592 | ---- | C] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 17:15:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 14:44:31 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:56 | 000,000,300 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 14:18:26 | 000,000,966 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.10.06 14:06:24 | 224,451,204 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.06 13:12:32 | 000,007,298 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:09 | 000,017,624 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.01 18:21:24 | 000,000,392 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 15:29:08 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.09.30 11:58:17 | 000,000,432 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:33 | 000,000,836 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:08 | 000,001,182 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:01:51 | 000,004,884 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:00:52 | 000,237,094 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.08 21:29:38 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2011.09.15 20:27:43 | 000,082,823 | ---- | C] () -- C:\Users\Marcel\phase-6-backpack-all-2011-09-15.p6a
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.04.13 18:37:54 | 000,046,416 | ---- | C] () -- C:\Users\Marcel\Sophos_Installation.pdf
[2011.03.10 04:14:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.03.09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.01 20:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.23 14:33:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.20 13:56:07 | 000,041,984 | ---- | C] () -- C:\Users\Marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.11 18:39:37 | 000,008,592 | ---- | C] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2008.03.07 19:22:33 | 000,000,680 | RHS- | C] () -- C:\Users\Marcel\ntuser.pol
[2008.03.06 19:11:02 | 000,000,094 | ---- | C] () -- C:\Users\Marcel\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:063969F8

< End of report >

--- --- ---

And here is the content of OTL.Extra:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.10.2012 14:43:27 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 74,98% Memory free
3,24 Gb Paging File | 3,01 Gb Available in Paging File | 92,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 365,02 Gb Free Space | 81,89% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32

Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{322E51A0-10F3-450C-93B5-9DD0396DBD55}" = rport=138 | protocol=17 | dir=out | app=system |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in |
svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4E0A7419-B129-4287-A27F-2E1E5726A5D2}" = lport=139 | protocol=6 | dir=in | app=system | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{61D83676-E102-4F3C-8E78-4C9286974FF7}" = lport=445 | protocol=6 | dir=in | app=system | "{61DB2FC2-9BE4-4981-83A3-DB5C74DCB9FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6FE754F2-52C7-4FBF-96F3-678553F8D52B}" = lport=137 | protocol=17 | dir=in | app=system | "{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{95866EEE-4401-43FD-8CF3-D54CF9E4CE03}" = rport=445 | protocol=6 | dir=out | app=system | "{A1EE12DC-BEBB-4437-B0FB-A4B7EBB2F3E0}" = rport=137 | protocol=17 | dir=out | app=system | "{A3AFB056-C1C9-4FC1-B3F8-3338A6EA7BC1}" = lport=138 | protocol=17 | dir=in | app=system | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | 
protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DCF7BE07-B9C5-4493-A8F8-38FEE6205650}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F4D0E2F8-4284-4440-B48B-D4FDF160C64E}" = rport=139 | protocol=6 | dir=out | app=system | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0C346788-421B-44B7-81A9-1F7973A9456E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1DCEA844-D992-4FE2-8312-8540CE4D2A9A}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | "{26EA734F-2015-42B9-872C-12B2C8E66F8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2A7D534A-8223-41EC-8C7B-3C401FC2698B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2E3EB76D-112D-4A1F-91A7-D7A13B4FA2A0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{3370C3A2-A23A-4FEA-9D69-0200C24A2971}" = dir=in | app=c:\program 
files\homecinema\powerdirector\pdr.exe | "{3F65BD85-2B6A-47FC-A27D-1C6A3AC7B70E}" = protocol=17 | dir=in | app=c:\program files\1&1\webwaigd.exe | "{4476559C-A05F-42CF-BDC8-E6D7F9F44CD0}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{449E8AA4-26BF-495F-9604-0BCE9B76CF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4BBAB83A-F15F-4A5A-8065-0FEA691F756B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{528773B3-F9C5-42B3-B101-E0447E3CD334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B38C43C-14D6-43C3-B896-F038B0B1203D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6BEC0D4C-61EF-44C4-9A57-4E569F4BA5E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{734AC65E-2775-468E-A6CE-979122036A08}" = protocol=17 | dir=in | app=h:\fsetup.exe | "{74AE3881-A08F-4D6C-92F5-BA82438DC2B4}" = dir=in | app=c:\program files\itunes\itunes.exe | "{76082DA0-6E46-4F75-A565-F9CFB551C225}" = protocol=17 | dir=in | app=c:\program files\1&1\igdctrl.exe | "{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | 
app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{8629C8B0-DBE6-4B8D-B923-2C905AF1DD79}" = protocol=17 | dir=in | app=c:\program files\1&1\fboxupd.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8A1E2924-E398-44DB-87DF-58D64099B0DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9B3530A5-683A-421A-A3C7-F67F3402E6B3}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A58A2856-F35E-4AAC-B2DE-8C258BE37DF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A5DBEF80-9F91-48E1-8C1A-56E48A5C0AD3}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AD172DD0-8A75-475F-859A-EE2207CD67E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AF93AF02-04B8-46AA-8D3F-23B2ACCA0FF2}" = protocol=6 | dir=in | app=c:\program files\1&1\fboxupd.exe | "{B3C788DD-79AF-4194-9904-45B4CE6A02B8}" = protocol=6 | dir=in | app=c:\program files\1&1\webwaigd.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{C0A5AFEC-6312-42ED-8713-34CAAAA77A0C}" = protocol=6 | dir=in | app=c:\program files\1&1\igdctrl.exe | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{D6521828-1E8E-41AF-8429-878FDB0E1826}" = protocol=6 | dir=in | app=c:\program files\microsoft 
office\office12\onenote.exe | "{DB063FDC-3DF9-4103-9B9B-8CD9AB3360B7}" = protocol=6 | dir=in | app=h:\fsetup.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{FCBC9D99-3A70-4489-977E-07839FCAB27F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{0C0A775F-A069-401F-99CA-8ADF1CFA9399}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{0F37A178-31A2-4673-81B6-618A61CFC4B6}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe | "TCP Query User{16422206-99F4-487A-8C07-172B0F213324}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{1DE2DC97-93AD-4B87-87ED-C72FCA8068B4}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{2AE5099C-EE31-470C-B7B1-D53B2CC3746D}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe | "TCP Query 
User{323AAD4B-3F27-4B22-A0B3-762A5D9E0F8E}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe | "TCP Query User{46E17AA6-B9F3-420A-AEA5-36587E1F8FB0}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe | "TCP Query User{8037CC3B-E185-47FB-8A89-FD3379CDD4A8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B67FD5AF-D3C8-4144-87F2-75359D277707}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F75F887A-A8F0-4BAA-A5DA-24DE61D703C8}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{0F277BE9-6581-4236-9025-F57221EC3122}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe | "UDP Query User{2FB06911-6D87-4D52-A9DF-31F0E0D79AFB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{35BBD58B-74BE-409B-A963-675F42597BC7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query 
User{72CFE1D7-B883-4724-BC08-93A429CB827D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{72D61F70-8AC8-40AE-BAD9-DE43B8D4CBB8}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe | "UDP Query User{75B30160-B70B-4E99-8BC9-58ADA4DC8D24}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{85F6561C-0121-42F3-8D5F-2D504510E08B}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe | "UDP Query User{900BE098-E275-4366-8215-2B768142901C}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe | "UDP Query User{AE5B0358-4B06-4515-B37F-F59C77497F28}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{E7A69C73-6DF4-46D4-B71C-977B71283700}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B3F965-1344-C16B-D865-7600B8A6B26E}" = CCC Help English "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{03B8CE84-7338-472A-18D7-2E63E7E925DE}" = CCC Help French 
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1767EB45-F1E9-2444-2433-A1A94F626026}" = CCC Help Italian "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18B59625-5EEE-11D7-94C8-00E0988C417C}" = Skillies Demoversion "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BB0E97A-1371-6B9D-E1CB-D5CACF3668C8}" = CCC Help German "{1DB7D9D1-CC2D-D8BB-4F8A-1FC0BF98DC2C}" = CCC Help Chinese Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant 
"{2E636AA0-43EB-D218-79D4-BD3B0847545C}" = CCC Help Czech "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision "{38B7F5C6-53F4-D852-9C0F-534C1F9492A7}" = ccc-utility "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D1654FA-58EF-6DF0-8B70-E16B7B6C445C}" = Catalyst Control Center InstallProxy "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{46471745-D135-ADF9-D313-ED5AA9F8B8B4}" = CCC Help Chinese Traditional "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010 "{485841AB-3FA9-AC9A-FAD8-95113AF834A3}" = CCC Help Thai "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B4C3560-6D96-F947-D7FF-F42A60631554}" = CCC Help Norwegian "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter "{504D471B-E518-EE37-703F-2E35E72D08A7}" = CCC Help Dutch "{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety "{554EE7DA-4993-49B7-A579-3969608E5ADF}" = Das grosse Power-Druckstudio "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5775DD65-B236-44B0-B8ED-B930B8E6670F}" = TinyGrab "{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3 "{592ED299-14EF-4C0F-92B4-B62E7CD5A2BE}_is1" = everpixx 5.3 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows 
Live Mail "{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{653C2740-4688-6E67-F57D-4D99C573613D}" = CCC Help Portuguese "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{724D1F61-D823-48E2-8DB6-BD07AE03D6E3}" = CCC Help Greek "{74A40B26-5B56-4D5D-944C-7D82D1F3555D}" = ArcSoft MediaImpression "{74B96512-231D-415B-AFA9-BCA52076A48B}" = OpenOffice.org 3.0 "{7638AC61-8AEE-9983-D681-BA48EE41A8FE}" = ATI Catalyst Install Manager "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE95C72-3470-4367-C030-DE66B8887E37}" = CCC Help Japanese "{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 
(SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 
(SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CA899EE-D9D1-1BEA-861A-85715F6BB06C}" = Catalyst Control Center Localization All "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A190B778-588E-33EF-4408-CC0F9674C7B3}" = CCC Help Turkish "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service "{A57CBC93-A964-3549-7C8F-43EF4C0C4077}" = ATI AVIVO Codecs "{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8D8547C-7679-DA67-09F9-EC282B8F3649}" = CCC Help Finnish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers 
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B5483174-C4FC-D248-1B3F-3848DD2606C8}" = CCC Help Polish "{B6D61395-20E7-1682-A56B-D5759D6A6135}" = CCC Help Russian "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B8B61C0D-6DE8-6B79-11AA-6745FE2D30AE}" = CCC Help Swedish "{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD9233C7-8D5C-8A4F-F979-44653BE36972}" = CCC Help Danish "{C648A7DE-A784-6D55-2655-28E4B28B75C5}" = CCC Help Korean "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren "{DD8C5170-C98D-0FAB-083B-122F7BEFCCB9}" = Catalyst Control Center "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EE5A5FC0-FCBF-BDD4-F96A-D1DACC4B1210}" = Catalyst Control Center Graphics Previews Common "{EE9BD325-3BCC-D3E7-D5AC-85ED719004FF}" = CCC Help Spanish "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F554C262-F87E-183C-1765-3F2F8B27EAC5}" = CCC Help Hungarian "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "1&1 EasyLogin" = 1&1 EasyLogin "1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued "ALDI Online Druck Service (Sued)" = ALDI Online Druck Service (Sued) "ALDI Sued Foto Service D" = ALDI Sued Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "Audiograbber" = Audiograbber 
1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CCleaner" = CCleaner "dm-Fotowelt" = dm-Fotowelt "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch "EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall "EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch "ESET Online Scanner" = ESET Online Scanner v3 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "freddyDeutsch12" = Freddy:Deutsch1/Deutsch2 "freddyMathe12" = Freddy:Mathe1/Mathe2 "freddyMathe7" = Freddy:Mathe7 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "Gute_Vorsaetze_Abnehmen" = Gute_Vorsaetze_Abnehmen Screen Saver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Intel(R) Configuration Center" = Intel® Viiv™ Software "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "PC-Kids Deutsch 3_is1" = PC-Kids Deutsch 3 
"phase-6" = phase-6 2.1.2.3a "phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4 "PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0 "RealPlayer 6.0" = RealPlayer "softonic-de3 Toolbar" = softonic-de3 Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009 "3e74fe69fc3c1e1d" = Install ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.10.2012 04:26:25 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1 Description = Error - 13.10.2012 04:42:54 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609 Description = Error - 13.10.2012 07:54:59 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1 Description = Error - 13.10.2012 08:02:39 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, Ausnahmecode 0xc0000005, Fehleroffset 0x00013190, Prozess-ID 0x161c, Anwendungsstartzeit 01cda93aa4489570. Error - 13.10.2012 09:47:10 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609 Description = Error - 13.10.2012 11:06:55 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, Ausnahmecode 0xc0000005, Fehleroffset 0x00013190, Prozess-ID 0x1560, Anwendungsstartzeit 01cda95460929aa0. 
Error - 13.10.2012 11:10:10 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description = 

Error - 14.10.2012 04:29:03 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, Ausnahmecode 0xc0000005, Fehleroffset 0x00013190, Prozess-ID 0x125c, Anwendungsstartzeit 01cda9e5f7702050.

Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description = 

Error - 14.10.2012 08:41:00 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description = 

[ IntelDH Events ]
Error - 13.10.2012 08:02:39 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to hook to the DataManager for events.

Error - 13.10.2012 08:02:43 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not create ICCUEngine interface pointer

Error - 13.10.2012 11:06:54 | Computer Name = Marcel-PC | Source = AlertService | ID = 15
Description = A CCU internal function detected an error: XMLDoc::Save failed

Error - 13.10.2012 11:06:54 | Computer Name = Marcel-PC | Source = AlertService | ID = 16
Description = The DataManager failed to create the XML data store. Function = ICS Log failed

Error - 13.10.2012 11:06:54 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to hook to the DataManager for events.

Error - 13.10.2012 11:07:02 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not create ICCUEngine interface pointer

Error - 13.10.2012 11:10:09 | Computer Name = Marcel-PC | Source = AlertService | ID = 22
Description = A CCU internal function returned an error: CAlertSrvc::Failed to create DataManager with error:

Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertService | ID = 15
Description = A CCU internal function detected an error: XMLDoc::Save failed

Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertService | ID = 16
Description = The DataManager failed to create the XML data store. Function = ICS Log failed

Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertService | ID = 22
Description = A CCU internal function returned an error: CAlertSrvc::Failed to create DataManager with error:

[ System Events ]
Error - 14.10.2012 04:27:46 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = 

Error - 14.10.2012 06:32:00 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = 

Error - 14.10.2012 06:34:01 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description = 

Error - 14.10.2012 06:34:01 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = 

Error - 14.10.2012 06:35:23 | Computer Name = Marcel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 

Error - 14.10.2012 08:36:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description = 

Error - 14.10.2012 08:36:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = 

Error - 14.10.2012 08:40:54 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description = 

Error - 14.10.2012 08:40:52 | Computer Name = Marcel-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 

Error - 14.10.2012 08:41:00 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description = 

< End of report >

Thanks for the extra shifts (Sat.+Sun.) Edited by bastelmarc (14.10.2012 at 14:47) Reason: sorry, had posted the same log twice |
14.10.2012, 17:18 | #20 | |
/// the machine /// TB-Ausbilder | System frozen, crashed, bluescreens and viruses/trojans There are still quite a few entries that we need to fix, but nothing serious; let's take care of the drivers/hardware first. Please post some info about the system. Quote:
14.10.2012, 19:34 | #21 |
| System frozen, crashed, bluescreens and viruses/trojans
Betriebssystemname Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname MARCEL-PC
Systemhersteller MEDIONPC
Systemmodell MS-7502
Systemtyp X86-basierter PC
Prozessor Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, 2400 MHz, 4 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum Phoenix Technologies, LTD 6.00 PG, 26.12.2007
SMBIOS-Version 2.5
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.0.6002.18005"
Benutzername Marcel-PC\Marcel
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 1,50 GB
Gesamter realer Speicher 1,50 GB
Verfügbarer realer Speicher 599 MB
Gesamter virtueller Speicher 3,24 GB
Verfügbarer virtueller Speicher 1,72 GB
Größe der Auslagerungsdatei 1,79 GB
Auslagerungsdatei C:\pagefile.sys
I hope that is enough; otherwise you will have to say what else is needed |
14.10.2012, 20:27 | #22 |
/// the machine /// TB-Ausbilder | System frozen, crashed, bluescreens and viruses/trojans MEDION Deutschland - Downloads Go there, enter the MSN number, and download all the graphics and network drivers that are offered for your system. Install, reboot, create a new OTL logfile with the settings above so that you get both logs, and check the monitor.
14.10.2012, 21:31 | #23 |
| System frozen, crashed, bluescreens and viruses/trojans Hello, I downloaded the BIOS, opened it and confirmed; then the message "Finised and tested" appeared. Was that it? I will also download and install the Intel chipset driver. Here is the OTL log: OTL Logfile: Code:
OTL logfile created on: 14.10.2012 23:02:10 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 28,48% Memory free
3,25 Gb Paging File | 1,86 Gb Available in Paging File | 57,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 363,37 Gb Free Space | 81,52% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32

Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe PRC - [2012.07.16 17:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1_svc.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011.03.10 04:50:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2009.09.14 09:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE PRC - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - 
[2007.10.19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2007.10.19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe PRC - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- 
C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.31 10:44:07 | 007,952,536 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2012.08.31 10:43:47 | 003,002,008 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2012.08.31 10:43:37 | 004,454,040 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2012.08.31 10:43:34 | 002,016,408 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2012.08.31 10:43:12 | 001,649,816 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2012.08.31 10:43:11 | 001,550,488 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2012.08.31 10:43:08 | 000,319,640 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2012.08.31 10:43:06 | 000,275,096 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2012.08.31 10:42:52 | 000,135,832 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2012.08.31 10:42:49 | 000,028,672 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2012.06.14 14:40:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 14:38:45 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 14:35:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:35:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 14:35:16 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 14:34:51 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.10 20:04:44 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.10 20:02:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 20:02:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.10 19:59:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 19:58:57 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.10 19:58:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 19:58:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.10 19:58:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 19:58:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.07 12:37:06 | 000,865,280 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2012.02.07 12:37:06 | 000,271,872 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2012.02.07 12:37:04 | 011,163,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2012.02.07 12:37:02 | 000,108,544 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2012.02.07 12:37:00 | 001,340,416 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2012.02.07 12:36:58 | 002,395,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2012.02.07 12:36:58 | 000,720,896 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2012.02.07 12:36:58 | 000,281,088 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2012.02.07 12:36:56 | 000,358,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2012.02.07 12:36:54 | 008,934,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2012.02.07 12:36:54 | 002,356,736 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2012.02.07 12:36:54 | 000,990,208 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.08.22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.03.10 04:14:02 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.03.09 23:05:10 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.06.02 11:38:54 | 000,128,512 | ---- | M] () -- C:\Programme\1&1\1&1 EasyLogin\EasyLoginCrypt.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2007.12.12 12:21:40 | 000,245,858 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 18:42:34 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 18:42:20 | 000,114,780 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 18:42:20 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.10.08 22:38:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.05 19:18:32 | 000,216,600 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.08.05 19:18:19 | 000,139,840 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.07 04:17:48 | 000,071,208 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\injiojnj.sys -- (brdfnw)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.05 19:19:37 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.08.05 19:19:26 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.04.09 15:02:24 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012.04.09 15:01:08 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.10 04:14:58 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.1und1.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{528E6CA1-57D6-4DAE-8B80-1C83C74D6542}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7MEDA_de
IE - HKCU\..\SearchScopes\{73A1DCF5-99D7-4C03-B6AE-C225AB842EBF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2528046
IE - HKCU\..\SearchScopes\{E57BF21B-23A5-4E45-8D21-7B4D48A065FA}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.23 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.25 20:28:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

O1 HOSTS File: ([2012.10.10 20:09:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\1&1\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\1&1\sarah.dll (AVM Berlin) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - 
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB635D00-411D-4383-B27A-33B7FDFB8462}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - 
Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - 
SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.14 22:13:18 | 000,000,000 | ---D | C] -- C:\Medion [2012.10.13 13:44:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.10.13 13:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.10.11 18:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.10 20:09:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.10 19:34:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.10 19:34:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.10 19:34:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.10 19:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.10 19:32:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.10 19:30:49 | 004,766,088 | R--- | C] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe [2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.07 17:42:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2012.10.07 17:15:04 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.07 17:15:04 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.06 12:41:58 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\ATI [2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ATI [2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.10.04 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2012.10.04 20:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst 
Control Center [2012.10.04 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.10.04 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.10.04 19:51:50 | 000,000,000 | ---D | C] -- C:\AMD [2012.09.30 12:28:54 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.09.25 20:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.25 20:26:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.23 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes [2012.09.23 13:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.23 13:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.14 22:44:01 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.14 22:44:01 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.14 22:44:01 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.14 22:44:01 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.14 22:38:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.14 22:36:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.14 22:36:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.14 22:36:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.14 22:36:30 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys [2012.10.14 
22:32:14 | 000,000,362 | ---- | M] () -- C:\Users\Marcel\Desktop\Download - Verknüpfung.lnk [2012.10.14 20:43:01 | 000,008,592 | ---- | M] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat [2012.10.12 18:58:28 | 224,451,204 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.10 20:09:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.10 19:30:51 | 004,766,088 | R--- | M] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe [2012.10.08 22:42:13 | 000,009,305 | ---- | M] () -- C:\Users\Marcel\Desktop\Logs.zip [2012.10.08 22:38:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.08 22:38:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.07 18:35:01 | 000,302,592 | ---- | M] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe [2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2012.10.07 17:36:50 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe [2012.10.07 14:44:31 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable [2012.10.07 10:46:57 | 000,000,300 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg [2012.10.06 13:12:33 | 000,007,298 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg [2012.10.06 12:31:11 | 000,017,624 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg [2012.10.04 20:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.10.01 18:21:28 | 000,000,392 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg [2012.09.30 20:54:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.09.30 20:54:35 | 000,001,355 | ---- | M] () -- C:\Windows\WISO.INI [2012.09.30 11:58:19 | 000,000,432 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg [2012.09.28 23:09:35 | 000,000,836 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg 
[2012.09.28 21:05:11 | 000,001,182 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg [2012.09.28 17:46:36 | 000,383,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.28 17:02:03 | 000,004,884 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg [2012.09.28 17:01:21 | 000,237,094 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg [2012.09.25 20:26:32 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.14 22:32:14 | 000,000,362 | ---- | C] () -- C:\Users\Marcel\Desktop\Download - Verknüpfung.lnk [2012.10.14 22:22:44 | 1608,699,904 | -HS- | C] () -- C:\hiberfil.sys [2012.10.10 19:34:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.10 19:34:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.10 19:34:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.10 19:34:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.10 19:34:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.08 22:42:13 | 000,009,305 | ---- | C] () -- C:\Users\Marcel\Desktop\Logs.zip [2012.10.07 18:35:01 | 000,302,592 | ---- | C] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe [2012.10.07 17:36:50 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe [2012.10.07 17:15:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.07 14:44:31 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable [2012.10.07 10:46:56 | 000,000,300 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg [2012.10.06 14:18:26 | 000,000,966 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.10.06 14:06:24 | 224,451,204 | ---- | C] () -- C:\Windows\MEMORY.DMP 
[2012.10.06 13:12:32 | 000,007,298 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg [2012.10.06 12:31:09 | 000,017,624 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg [2012.10.04 20:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.01 18:21:24 | 000,000,392 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg [2012.09.30 15:29:08 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012.09.30 11:58:17 | 000,000,432 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg [2012.09.28 23:09:33 | 000,000,836 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg [2012.09.28 21:05:08 | 000,001,182 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg [2012.09.28 17:01:51 | 000,004,884 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg [2012.09.28 17:00:52 | 000,237,094 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg [2012.09.25 20:26:32 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.11.08 21:29:38 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe [2011.09.15 20:27:43 | 000,082,823 | ---- | C] () -- C:\Users\Marcel\phase-6-backpack-all-2011-09-15.p6a [2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.04.13 18:37:54 | 000,046,416 | ---- | C] () -- C:\Users\Marcel\Sophos_Installation.pdf [2011.03.10 04:14:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.03.09 
22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.03.01 20:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.03.01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.05.23 14:33:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.07.20 13:56:07 | 000,041,984 | ---- | C] () -- C:\Users\Marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.11 18:39:37 | 000,008,592 | ---- | C] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat [2008.03.07 19:22:33 | 000,000,680 | RHS- | C] () -- C:\Users\Marcel\ntuser.pol [2008.03.06 19:11:02 | 000,000,094 | ---- | C] () -- C:\Users\Marcel\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 140 bytes -> 
C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:063969F8

< End of report >

Here is the OTL.Extra log: OTL Logfile: Code:
OTL Extras logfile created on: 14.10.2012 23:02:10 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 28,48% Memory free
3,25 Gb Paging File | 1,86 Gb Available in Paging File | 57,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 363,37 Gb Free Space | 81,52% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32

Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{322E51A0-10F3-450C-93B5-9DD0396DBD55}" = rport=138 | protocol=17 | dir=out | app=system |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E0A7419-B129-4287-A27F-2E1E5726A5D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61D83676-E102-4F3C-8E78-4C9286974FF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{61DB2FC2-9BE4-4981-83A3-DB5C74DCB9FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FE754F2-52C7-4FBF-96F3-678553F8D52B}" = lport=137 | protocol=17 | dir=in | app=system |
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95866EEE-4401-43FD-8CF3-D54CF9E4CE03}" = rport=445 | protocol=6 | dir=out | app=system |
"{A1EE12DC-BEBB-4437-B0FB-A4B7EBB2F3E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3AFB056-C1C9-4FC1-B3F8-3338A6EA7BC1}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCF7BE07-B9C5-4493-A8F8-38FEE6205650}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F4D0E2F8-4284-4440-B48B-D4FDF160C64E}" = rport=139 | protocol=6 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C346788-421B-44B7-81A9-1F7973A9456E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1DCEA844-D992-4FE2-8312-8540CE4D2A9A}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{26EA734F-2015-42B9-872C-12B2C8E66F8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A7D534A-8223-41EC-8C7B-3C401FC2698B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E3EB76D-112D-4A1F-91A7-D7A13B4FA2A0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3370C3A2-A23A-4FEA-9D69-0200C24A2971}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{3F65BD85-2B6A-47FC-A27D-1C6A3AC7B70E}" = protocol=17 | dir=in | app=c:\program files\1&1\webwaigd.exe |
"{4476559C-A05F-42CF-BDC8-E6D7F9F44CD0}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{449E8AA4-26BF-495F-9604-0BCE9B76CF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4BBAB83A-F15F-4A5A-8065-0FEA691F756B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{528773B3-F9C5-42B3-B101-E0447E3CD334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B38C43C-14D6-43C3-B896-F038B0B1203D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BEC0D4C-61EF-44C4-9A57-4E569F4BA5E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{734AC65E-2775-468E-A6CE-979122036A08}" = protocol=17 | dir=in | app=h:\fsetup.exe |
"{74AE3881-A08F-4D6C-92F5-BA82438DC2B4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{76082DA0-6E46-4F75-A565-F9CFB551C225}" = protocol=17 | dir=in | app=c:\program files\1&1\igdctrl.exe |
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{8629C8B0-DBE6-4B8D-B923-2C905AF1DD79}" = protocol=17 | dir=in | app=c:\program files\1&1\fboxupd.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A1E2924-E398-44DB-87DF-58D64099B0DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B3530A5-683A-421A-A3C7-F67F3402E6B3}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A58A2856-F35E-4AAC-B2DE-8C258BE37DF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5DBEF80-9F91-48E1-8C1A-56E48A5C0AD3}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD172DD0-8A75-475F-859A-EE2207CD67E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AF93AF02-04B8-46AA-8D3F-23B2ACCA0FF2}" = protocol=6 | dir=in | app=c:\program files\1&1\fboxupd.exe |
"{B3C788DD-79AF-4194-9904-45B4CE6A02B8}" = protocol=6 | dir=in | app=c:\program files\1&1\webwaigd.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C0A5AFEC-6312-42ED-8713-34CAAAA77A0C}" = protocol=6 | dir=in | app=c:\program files\1&1\igdctrl.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{D6521828-1E8E-41AF-8429-878FDB0E1826}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DB063FDC-3DF9-4103-9B9B-8CD9AB3360B7}" = protocol=6 | dir=in | app=h:\fsetup.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{FCBC9D99-3A70-4489-977E-07839FCAB27F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0C0A775F-A069-401F-99CA-8ADF1CFA9399}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{0F37A178-31A2-4673-81B6-618A61CFC4B6}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{16422206-99F4-487A-8C07-172B0F213324}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{1DE2DC97-93AD-4B87-87ED-C72FCA8068B4}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{2AE5099C-EE31-470C-B7B1-D53B2CC3746D}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"TCP Query User{323AAD4B-3F27-4B22-A0B3-762A5D9E0F8E}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{46E17AA6-B9F3-420A-AEA5-36587E1F8FB0}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{8037CC3B-E185-47FB-8A89-FD3379CDD4A8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B67FD5AF-D3C8-4144-87F2-75359D277707}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F75F887A-A8F0-4BAA-A5DA-24DE61D703C8}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{0F277BE9-6581-4236-9025-F57221EC3122}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{2FB06911-6D87-4D52-A9DF-31F0E0D79AFB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{35BBD58B-74BE-409B-A963-675F42597BC7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{72CFE1D7-B883-4724-BC08-93A429CB827D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{72D61F70-8AC8-40AE-BAD9-DE43B8D4CBB8}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{75B30160-B70B-4E99-8BC9-58ADA4DC8D24}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{85F6561C-0121-42F3-8D5F-2D504510E08B}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"UDP Query User{900BE098-E275-4366-8215-2B768142901C}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{AE5B0358-4B06-4515-B37F-F59C77497F28}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{E7A69C73-6DF4-46D4-B71C-977B71283700}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B3F965-1344-C16B-D865-7600B8A6B26E}" = CCC Help English
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03B8CE84-7338-472A-18D7-2E63E7E925DE}" = CCC Help French
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1767EB45-F1E9-2444-2433-A1A94F626026}" = CCC Help Italian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18B59625-5EEE-11D7-94C8-00E0988C417C}" = Skillies Demoversion
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BB0E97A-1371-6B9D-E1CB-D5CACF3668C8}" = CCC Help German
"{1DB7D9D1-CC2D-D8BB-4F8A-1FC0BF98DC2C}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E636AA0-43EB-D218-79D4-BD3B0847545C}" = CCC Help Czech
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{38B7F5C6-53F4-D852-9C0F-534C1F9492A7}" = ccc-utility
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1654FA-58EF-6DF0-8B70-E16B7B6C445C}" = Catalyst Control Center InstallProxy
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46471745-D135-ADF9-D313-ED5AA9F8B8B4}" = CCC Help Chinese Traditional
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{485841AB-3FA9-AC9A-FAD8-95113AF834A3}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4C3560-6D96-F947-D7FF-F42A60631554}" = CCC Help Norwegian
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{504D471B-E518-EE37-703F-2E35E72D08A7}" = CCC Help Dutch
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{554EE7DA-4993-49B7-A579-3969608E5ADF}" = Das grosse Power-Druckstudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5775DD65-B236-44B0-B8ED-B930B8E6670F}" = TinyGrab
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{592ED299-14EF-4C0F-92B4-B62E7CD5A2BE}_is1" = everpixx 5.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{653C2740-4688-6E67-F57D-4D99C573613D}" = CCC Help Portuguese
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{724D1F61-D823-48E2-8DB6-BD07AE03D6E3}" = CCC Help Greek
"{74A40B26-5B56-4D5D-944C-7D82D1F3555D}" = ArcSoft MediaImpression
"{74B96512-231D-415B-AFA9-BCA52076A48B}" = OpenOffice.org 3.0
"{7638AC61-8AEE-9983-D681-BA48EE41A8FE}" = ATI Catalyst Install Manager
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE95C72-3470-4367-C030-DE66B8887E37}" = CCC Help Japanese
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA899EE-D9D1-1BEA-861A-85715F6BB06C}" = Catalyst Control Center Localization All
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A190B778-588E-33EF-4408-CC0F9674C7B3}" = CCC Help Turkish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{A57CBC93-A964-3549-7C8F-43EF4C0C4077}" = ATI AVIVO Codecs
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D8547C-7679-DA67-09F9-EC282B8F3649}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B5483174-C4FC-D248-1B3F-3848DD2606C8}" = CCC Help Polish
"{B6D61395-20E7-1682-A56B-D5759D6A6135}" = CCC Help Russian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B61C0D-6DE8-6B79-11AA-6745FE2D30AE}" = CCC Help Swedish
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9233C7-8D5C-8A4F-F979-44653BE36972}" = CCC Help Danish
"{C648A7DE-A784-6D55-2655-28E4B28B75C5}" = CCC Help Korean
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DD8C5170-C98D-0FAB-083B-122F7BEFCCB9}" = Catalyst Control Center
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE5A5FC0-FCBF-BDD4-F96A-D1DACC4B1210}" = Catalyst Control Center Graphics Previews Common
"{EE9BD325-3BCC-D3E7-D5AC-85ED719004FF}" = CCC Help Spanish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F554C262-F87E-183C-1765-3F2F8B27EAC5}" = CCC Help Hungarian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1&1 EasyLogin" = 1&1 EasyLogin
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued
"ALDI Online Druck Service (Sued)" = ALDI Online Druck Service (Sued)
"ALDI Sued Foto Service D" = ALDI Sued Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"dm-Fotowelt" = dm-Fotowelt
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"freddyDeutsch12" = Freddy:Deutsch1/Deutsch2
"freddyMathe12" = Freddy:Mathe1/Mathe2
"freddyMathe7" = Freddy:Mathe7
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Gute_Vorsaetze_Abnehmen" = Gute_Vorsaetze_Abnehmen Screen Saver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Kids Deutsch 3_is1" = PC-Kids Deutsch 3
"phase-6" = phase-6 2.1.2.3a
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"RealPlayer 6.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"3e74fe69fc3c1e1d" = Install

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.10.2012 08:41:00 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description = 

Error - 14.10.2012 10:27:20 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, Ausnahmecode 0xc0000005, Fehleroffset 0x00013190, Prozess-ID 0x10b8, Anwendungsstartzeit 01cdaa17fc4b4e49.

Error - 14.10.2012 10:30:50 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description = 

Error - 14.10.2012 11:07:16 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description = 

Error - 14.10.2012 11:35:41 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description = 

Error - 14.10.2012 14:30:06 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description = 

Error - 14.10.2012 16:24:41 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, Ausnahmecode 0xc0000005, Fehleroffset 0x00013190, Prozess-ID 0x15d8, Anwendungsstartzeit 01cdaa49ec166e80.
Error - 14.10.2012 16:28:19 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1 Description = Error - 14.10.2012 16:38:05 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5, Ausnahmecode 0xc0000005, Fehleroffset 0x00013190, Prozess-ID 0xafc, Anwendungsstartzeit 01cdaa4bcde37f00. Error - 14.10.2012 16:42:04 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1 Description = [ IntelDH Events ] Error - 14.10.2012 16:24:36 | Computer Name = Marcel-PC | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::Save failed Error - 14.10.2012 16:24:36 | Computer Name = Marcel-PC | Source = AlertService | ID = 16 Description = The DataManager failed to create the XML data store. Function = ICS Log failed Error - 14.10.2012 16:24:36 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15 Description = A CCU internal function detected an error: CCUEngine failed to hook to the DataManager for events. Error - 14.10.2012 16:24:48 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15 Description = A CCU internal function detected an error: CCU_TrayIcon::Could not create ICCUEngine interface pointer Error - 14.10.2012 16:28:18 | Computer Name = Marcel-PC | Source = AlertService | ID = 22 Description = A CCU internal function returned an error: CAlertSrvc::Failed to create DataManager with error: Error - 14.10.2012 16:38:02 | Computer Name = Marcel-PC | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::Save failed Error - 14.10.2012 16:38:02 | Computer Name = Marcel-PC | Source = AlertService | ID = 16 Description = The DataManager failed to create the XML data store. 
Function = ICS Log failed

Error - 14.10.2012 16:38:02 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to hook to the DataManager for events.

Error - 14.10.2012 16:38:12 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not create ICCUEngine interface pointer

Error - 14.10.2012 16:42:02 | Computer Name = Marcel-PC | Source = AlertService | ID = 22
Description = A CCU internal function returned an error: CAlertSrvc::Failed to create DataManager with error:

[ System Events ]
Error - 14.10.2012 14:29:58 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description =

Error - 14.10.2012 14:30:06 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description =

Error - 14.10.2012 16:23:53 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14.10.2012 16:25:59 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 14.10.2012 16:25:59 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.10.2012 16:27:36 | Computer Name = Marcel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14.10.2012 16:34:12 | Computer Name = Marcel-PC | Source = DCOM | ID = 10010
Description =

Error - 14.10.2012 16:37:19 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14.10.2012 16:39:20 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 14.10.2012 16:39:20 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

By the way, the system has been running cleanly since the BIOS and chipset update! Many thanks. Yesterday evening everything on the screen was completely blurred, as if dissolved and pixelated! What do you mean by checking the monitor? I have the latest driver for the RADEON HD 6450 graphics card! Last edited by bastelmarc (14.10.2012 at 22:14). Reason: OTL log added, sorry, that was the wrong one |
15.10.2012, 06:37 | #24 |
/// the machine /// TB instructor | Well, the screen, whether there are still problems with it. Can you test another monitor?
__________________ Regards, schrauber |
15.10.2012, 10:13 | #25 |
| Yes, I still have a CRT monitor. New problem: the BIOS update was aborted and the system no longer starts/boots. Is it dead now??? |
15.10.2012, 10:22 | #26 |
/// the machine /// TB instructor | Yeah, that's bad. Open up the box: is there a BIOS battery?
__________________ Regards, schrauber |
15.10.2012, 10:30 | #27 |
| That is really lousy! Yes, there is a cell in there! |
15.10.2012, 10:36 | #28 |
/// the machine /// TB instructor | Unplug the power cable from the computer and set the power switch on the back to 0. Take the battery out, go have a smoke, put the battery back in, plug the cable in and try again.
__________________ Regards, schrauber |
15.10.2012, 10:49 | #29 |
| Done, but it is the same as before: it starts up and after 1-2 sec. shuts off again. The PC runs but nothing happens. I have inserted the Application&Support DISC. It carries the following text: "On this disc you will find all the necessary drivers & tools for your computer; this disc also serves for system recovery." Can it help? |
15.10.2012, 12:56 | #30 |
/// the machine /// TB instructor | It might, but please try the following first: Switch the computer off. Set the power switch on the back to 0. Press the power button on the computer and keep it held down. Wait 10 sec. Set the power switch on the back to 1 while the power button is still held down. Now release the button. If the computer does not start, briefly press the power button once more. Does it work now?
__________________ Regards, schrauber |