
Log analysis and evaluation: Polizei / Cybercrime Investigation Departement virus

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.01.2013, 13:34   #16
t'john
/// Helper team

Please run this:
http://www.trojaner-board.de/72874-s...eparieren.html

Afterwards:
- restart
- report back
__________________
Regards, t'john

29.01.2013, 16:15   #17
criba031172

Nothing was found. Still, IE takes forever to load anything, with the result that in the end everything hangs anyway. Other programs (e.g. Outlook) are working fine for the time being. Thanks, regards, Barbara

Good evening t'john. I tried something myself and it could have to do with the add-ons. When I start IE without add-ons, everything runs like clockwork. I have now simply deactivated a few of them quite arbitrarily (without knowing what I was doing) and now everything runs fine again. How do you get the add-ons in order, or get rid of the ones you don't need, when you don't know whether you need them? *erm, yes, that's unfortunately how it is, I really don't know.*
This doesn't really fit the topic here any more, sorry.
Many thanks in advance for your answer.
Oh yes, and we could now tackle the registry matter, at least as far as I'm concerned.
Regards
Barbara


29.01.2013, 19:09   #18
t'john
/// Helper team

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Afterwards:

System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you do not have it yet). Double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

29.01.2013, 21:39   #19
criba031172

So much for being discharged... ;-)
adwcleaner:
Code:
# AdwCleaner v2.109 - Datei am 29/01/2013 um 21:10:12 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Barbara - BARBARA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Barbara\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [710 octets] - [29/01/2013 21:10:12]

########## EOF - C:\AdwCleaner[S1].txt - [769 octets] ##########
         
OTL:
Code:
OTL logfile created on: 29.01.2013 21:17:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 56,31% Memory free
5,74 Gb Paging File | 4,30 Gb Available in Paging File | 74,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 23,42 Gb Free Space | 20,14% Space Free | Partition Type: NTFS
Drive D: | 115,13 Gb Total Space | 41,88 Gb Free Space | 36,37% Space Free | Partition Type: NTFS
Drive E: | 98,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BARBARA-PC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Barbara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Barbara\AppData\Local\Fabasoft\x86\foliouipu.exe (Fabasoft R&D GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\OdiOlDVR.dll ()
MOD - C:\Windows\System32\OdiAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (eamonm) -- system32\DRIVERS\eamonm.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (CSCrySec) -- C:\Windows\System32\drivers\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (tdrpman174) -- C:\Windows\System32\drivers\tdrpm174.sys (Acronis)
DRV - (snapman380) -- C:\Windows\System32\drivers\snman380.sys (Acronis)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A71BB574-E0D2-4564-859D-BD15DBCB303D}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm255^YY^at&si=CLrYg5Sr17QCFUmN3godxy4AGw&ptb=06C7BB18-3C19-4AA1-81E9-B3ED852B91B8&ind=2013010717&n=77fc1b1d&psa=&st=sb&searchfor={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\URLSearchHook: {18780ed6-1531-47da-bf90-c91f72f2b4ee} - No CLSID value found
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\URLSearchHook: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - No CLSID value found
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\SearchScopes\{10EC757B-EB0E-4AFF-B0B5-06C8B39C30E3}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\SearchScopes\{A71BB574-E0D2-4564-859D-BD15DBCB303D}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SUNC_deAT369
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\SearchScopes\{F579B4ED-ACFC-4281-92E7-FD895F423628}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\FabasoftPluginPU: C:\Users\Barbara\AppData\Local\Fabasoft\x86\npfoliopluginpu32.dll (Fabasoft R&D GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013.01.20 02:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013.01.20 02:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013.01.20 02:42:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{D5AA91D3-CA07-4379-B0F2-AEC652F5943F}: C:\Users\Barbara\AppData\Local\Fabasoft\TB\ [2013.01.20 00:43:35 | 000,000,000 | ---D | M]
 
[2010.02.20 02:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\extensions
[2010.02.20 02:03:19 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2013.01.07 23:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.01.07 23:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013.01.07 23:54:33 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\4zffxtbr@VideoDownloadConverter_4z.com
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (no name) - {18780ED6-1531-47DA-BF90-C91F72F2B4EE} - No CLSID value found.
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (no name) - {3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} - No CLSID value found.
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000..\Run: [FolioSystrayPU] C:\Users\Barbara\AppData\Local\Fabasoft\x86\foliouipu.exe (Fabasoft R&D GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Barbara Arbeitsberei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Barbara\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Barbara\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..Trusted Domains: fabasoft.com ([*.folio] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..Trusted Domains: fabasoft.com ([*.folio] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..Trusted Domains: fabasoft.com ([at.folio] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..Trusted Domains: localhost ([]http in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00D69441-7297-412B-AD63-2F0738DAC0CD}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AA4FAD4-70B6-4291-8EA3-55E697316D8B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{860B02B8-1034-4B7B-B24A-7F2524BB7CE6}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2044b33e-8466-11df-809f-001e33f56511}\Shell - "" = AutoRun
O33 - MountPoints2\{2044b33e-8466-11df-809f-001e33f56511}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4418172c-7b91-11df-bdad-001e33f56511}\Shell - "" = AutoRun
O33 - MountPoints2\{4418172c-7b91-11df-bdad-001e33f56511}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{44181741-7b91-11df-bdad-001e33f56511}\Shell - "" = AutoRun
O33 - MountPoints2\{44181741-7b91-11df-bdad-001e33f56511}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{441817a1-7b91-11df-bdad-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{441817a1-7b91-11df-bdad-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.29 20:59:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013.01.29 13:16:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.01.29 13:16:54 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.01.29 13:16:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.01.29 13:16:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.01.29 13:16:53 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.01.29 13:16:52 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.01.29 13:16:52 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.01.29 13:16:52 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.01.29 13:16:52 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.01.29 13:16:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.01.29 13:16:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.01.29 13:16:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.01.29 13:16:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.01.29 13:16:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.01.29 13:16:51 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.01.29 00:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop
[2013.01.29 00:33:06 | 000,272,384 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9X.DLL
[2013.01.29 00:32:40 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013.01.29 00:32:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013.01.29 00:31:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013.01.29 00:31:50 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013.01.29 00:31:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013.01.29 00:29:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.01.29 00:29:30 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.01.29 00:29:30 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.01.29 00:29:27 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.01.29 00:29:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.01.29 00:29:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.01.29 00:29:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.01.29 00:29:23 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.29 00:29:23 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.29 00:29:23 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.29 00:29:23 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.29 00:29:23 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.29 00:29:23 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.29 00:29:23 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.29 00:29:23 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.29 00:29:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.29 00:29:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.29 00:29:23 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.29 00:29:22 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.29 00:29:22 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.29 00:29:22 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.29 00:29:22 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.29 00:29:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.29 00:29:04 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.29 00:29:03 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.29 00:29:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.29 00:29:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.29 00:29:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.29 00:29:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.29 00:29:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.29 00:29:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.29 00:29:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.29 00:29:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.29 00:29:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.29 00:29:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.29 00:28:33 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2013.01.29 00:28:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2013.01.29 00:28:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rndismpx.sys
[2013.01.29 00:28:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013.01.29 00:28:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2013.01.29 00:28:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2013.01.29 00:28:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.01.29 00:27:59 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.01.29 00:27:59 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.01.29 00:27:57 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2013.01.29 00:27:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.01.29 00:27:51 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.01.29 00:27:47 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.01.29 00:27:44 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.01.29 00:27:41 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013.01.29 00:27:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013.01.29 00:27:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.01.29 00:27:37 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.01.29 00:27:36 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.01.29 00:27:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.01.29 00:27:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2013.01.29 00:27:26 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013.01.29 00:21:41 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.01.28 22:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.28 22:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.27 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\Secunia PSI
[2013.01.27 22:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013.01.27 21:32:42 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Users\Barbara\Desktop\ccsetup327.exe
[2013.01.21 13:55:00 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.20 02:46:44 | 000,000,000 | R--D | C] -- C:\Backup
[2013.01.20 02:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2013.01.20 02:43:12 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2013.01.20 02:43:12 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2013.01.20 02:43:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.01.20 02:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2013.01.20 02:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.20 02:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.20 02:41:56 | 000,585,560 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013.01.20 00:49:34 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
[2013.01.20 00:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.20 00:49:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\Programs
[2013.01.20 00:43:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fabasoft Folio Cloud
[2013.01.20 00:42:00 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.20 00:42:00 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.20 00:41:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.20 00:41:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.20 00:41:48 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.20 00:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.01.19 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.13 23:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.01.13 23:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.01.13 22:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pixum
[2013.01.09 14:51:25 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 14:50:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 14:50:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.08 00:04:41 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\DesktopIconForAmazon
[2013.01.07 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\TrafficSpaceLLC
[2013.01.07 23:55:32 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Video Download Converter
[2013.01.07 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\IAC
[2013.01.07 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter
[2013.01.07 23:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Video Download Converter
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.29 21:20:41 | 000,012,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 21:20:41 | 000,012,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 21:14:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.29 21:13:37 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.01.29 21:13:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 21:13:06 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.29 21:00:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.29 20:59:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013.01.29 20:58:33 | 000,580,235 | ---- | M] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013.01.29 20:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.29 14:47:23 | 000,647,366 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.29 14:47:23 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.29 14:47:23 | 000,127,412 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.29 14:47:23 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.29 12:29:15 | 000,411,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.28 22:45:21 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.27 22:43:59 | 000,000,182 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.01.27 21:33:12 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Users\Barbara\Desktop\ccsetup327.exe
[2013.01.23 13:53:36 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.21 13:55:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.21 13:55:00 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.20 19:37:27 | 000,000,000 | ---- | M] () -- C:\Users\Barbara\defogger_reenable
[2013.01.20 02:46:52 | 000,017,408 | ---- | M] () -- C:\Users\Barbara\AppData\Local\WebpageIcons.db
[2013.01.20 02:43:42 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2013.01.20 02:43:42 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2013.01.20 02:41:56 | 000,585,560 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013.01.20 00:43:36 | 000,002,126 | ---- | M] () -- C:\Users\Barbara\Desktop\Fabasoft Folio Cloud.lnk
[2013.01.20 00:41:40 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.20 00:41:36 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.20 00:41:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.20 00:41:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.20 00:41:34 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.20 00:41:34 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.01.08 00:33:28 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.01.08 00:04:41 | 000,001,462 | ---- | M] () -- C:\Users\Barbara\Desktop\Amazon.lnk
[2013.01.07 23:51:33 | 000,000,683 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.07 23:51:16 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2013.01.07 23:50:35 | 000,000,937 | ---- | M] () -- C:\Users\Barbara\Desktop\FreeRIP.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.29 20:58:33 | 000,580,235 | ---- | C] () -- C:\Users\Barbara\Desktop\adwcleaner.exe
[2013.01.29 00:32:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.29 00:31:49 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.28 22:45:21 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.23 13:53:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.23 13:53:36 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.21 13:55:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.20 19:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Barbara\defogger_reenable
[2013.01.20 02:46:52 | 000,017,408 | ---- | C] () -- C:\Users\Barbara\AppData\Local\WebpageIcons.db
[2013.01.20 02:43:42 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013.01.20 02:43:42 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013.01.08 00:33:28 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.01.08 00:33:28 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.01.08 00:04:41 | 000,001,462 | ---- | C] () -- C:\Users\Barbara\Desktop\Amazon.lnk
[2013.01.07 23:50:35 | 000,000,937 | ---- | C] () -- C:\Users\Barbara\Desktop\FreeRIP.lnk
[2012.02.14 20:45:08 | 000,000,683 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.02.14 20:43:43 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.02.06 21:41:11 | 000,079,181 | ---- | C] () -- C:\Users\Barbara\Seilbahn.net.pdf
[2012.01.31 22:13:06 | 000,147,336 | ---- | C] () -- C:\Users\Barbara\Skilift.pdf
[2011.09.14 22:05:32 | 000,022,759 | ---- | C] () -- C:\Users\Barbara\20050712_Siebener-Naehrstoffmischung_Ausdruck.htm
[2011.08.22 22:26:02 | 001,133,418 | ---- | C] () -- C:\Users\Barbara\abcaudio_setup.exe
[2011.08.22 22:25:47 | 001,126,748 | ---- | C] () -- C:\Users\Barbara\abcaudio.zip
[2011.07.02 18:35:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.02.15 22:00:26 | 000,000,018 | ---- | C] () -- C:\Windows\xkalFREE2011.dat
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.07.02 00:16:08 | 000,028,672 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 23:23:41 | 000,021,848 | ---- | C] () -- C:\Users\Barbara\rulrcpcd.exe
[2009.12.16 02:12:15 | 003,708,670 | ---- | C] () -- C:\Users\Barbara\Weihnachten2.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.02.20 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ACD Systems
[2010.02.20 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Acronis
[2012.12.24 14:49:53 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Amazon
[2013.01.27 21:47:57 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Azureus
[2010.08.24 21:37:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Canon
[2013.01.08 00:04:41 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\DesktopIconForAmazon
[2010.10.26 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Downloaded Installations
[2010.12.16 00:09:31 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.14 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Nitro PDF
[2012.12.25 18:47:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\RavensburgerTipToi
[2010.02.20 02:03:20 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sawtooth Software, Inc
[2010.01.27 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\TeamViewer
[2010.05.14 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Toshiba
[2012.02.14 20:43:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\TuneUp Software
[2010.02.20 02:03:24 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\WinBatch
[2010.10.15 09:28:30 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Xenocode
[2010.03.21 03:29:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Azureus
[2010.02.20 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon
[2012.03.31 07:52:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
Text:
OTL Extras logfile created on: 29.01.2013 21:17:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 56,31% Memory free
5,74 Gb Paging File | 4,30 Gb Available in Paging File | 74,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 23,42 Gb Free Space | 20,14% Space Free | Partition Type: NTFS
Drive D: | 115,13 Gb Total Space | 41,88 Gb Free Space | 36,37% Space Free | Partition Type: NTFS
Drive E: | 98,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BARBARA-PC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1828C919-C130-4623-A0DE-5A7FB3BD176E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44E83D0C-7DF9-4728-8B24-031C27CA0EF0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72CDC422-24E4-4779-B672-B8C4EC2FD75F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{82B4A897-77B2-4654-ABBF-4BDDACE8AA6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9DE5637E-A071-48CF-8B90-289BCAF7948B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5A8E26B-4DEE-446A-A05C-66BB91661821}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B4E38653-5C8C-41A5-BA26-DB6AD933A519}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B5C58D64-0A08-4A5B-8C33-F6481E4C30E9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BFEC14C8-739C-4F36-81AD-200406DCB91A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C158E52F-F2C5-4E45-92FB-8E28A277A954}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1911308-03FD-4D5B-AB0B-6D4743EE1361}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{C550E5F3-1315-43E6-838F-0D44EE2417AE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CF5B1271-8FAC-429A-8CF2-9A326580258C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E7E3138C-BC1B-4DA0-8998-6FE82C380B6B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8045C9E-3151-4729-92D5-F1C1104F7DF7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E8B2EC71-F48C-4663-A2F3-DF29972A2AEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F42ACD85-66E0-41EC-98A8-BCAA0116FA52}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F6D13773-4E39-4B57-A5D5-6804C1441D91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022179ED-F1E4-45ED-8702-8BACB22B9BF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{02A9DFEA-EABE-46F4-85F8-4F404987D824}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0556BD9A-7430-437D-A44E-5D24047CD053}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{07DA3CDE-4F67-4CED-ADEF-040AF8B668FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0941DEF4-67A8-46C9-ACA4-7EFD7BF32788}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BE47723-434C-464D-B5C0-A12EE30F8777}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E33D790-8ED7-4E1B-A33E-0AC1211440D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{10B06470-00CD-4093-8196-5DBF29B58C7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19E66481-F528-429B-A085-32DBEA256D20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19EBB639-771D-4C59-8309-5D9FF3B60043}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EB3596D-8722-410D-8C8F-86E4C510C66B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EEA16B7-D237-401D-9388-7188AB2008E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F7CC6DE-C3A6-445C-B7F6-CE7BA0E4DB00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21BD6524-7036-42D8-8666-3B67265ADF85}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{258963BA-CB6F-4BC2-8FEC-21CF75C002B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26792121-C366-4EF2-9C2B-ECC8EA29D928}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{281673E8-B9B3-43ED-9F40-F82484DE0D6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2CF6886D-2C9F-4619-815F-C432CA4A76DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E3C2B3F-9AF7-4276-8CB9-65963560B3A3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{2E831714-7BB4-44B7-BAE4-461499EFE708}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{34AF07D5-7AF1-49C7-A943-0783218AF57D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{397C4994-0976-48A8-80F7-CD8F611B4B56}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{3CD966A8-F0C3-4860-B765-EB38539556C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D7AA734-77C7-40CD-81EC-B134734970AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D7B38D1-31DA-408A-9B70-7560055FA685}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5265CF90-CDCD-4A68-A588-3D13670C4A6B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{546522C8-8865-40BE-980E-9C4ED461D0BD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{549E3BD5-6EF8-426A-86F6-9C561E1B9E76}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56A9358A-6CB4-49B9-A4B8-9751ED3B7F07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56C994D8-D42D-4974-8A7E-EAACB5B2BAB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56FE1A4F-4044-4D4C-9BAB-8A38ABAAD625}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A1AEFFB-A7E1-4821-B169-F88D26137773}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AFD8A35-657C-4B9A-ADB3-A34D0AB9FD83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C274B54-31C4-458B-8A53-CAC4412029EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CD4C163-6605-4E76-A9D0-077B58BAE9EB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{5D27779B-6650-4735-B443-3B4DE81AAD09}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FAF14BC-443C-47B8-8D2C-03E7307765AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61BC246C-790B-45DC-B789-57F1962C9A41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6265B0FD-D712-4944-AE15-E2C519EFD148}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62D7B386-0D6C-4883-9B98-AB45CDE56249}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{635B3D69-C5D4-47DF-98B8-8B0E8CBEB958}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6623F50C-7742-4EF7-96A6-8B0FEDCABD50}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{700E3E4A-B711-4EE1-BF78-4BE05DEF5C48}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{70893A4A-3826-4110-920D-D6D889ED5A06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{749AF84F-C3BE-4875-BDBB-2E5B9B3856A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74BA34C3-537C-4D85-9FC9-2E82A797C04A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79C26286-3F7F-4764-9B6D-A73B35974FF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A4AC0DA-E498-4AD2-AFD8-AA5D505907AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A514F1F-0549-488E-8E4F-4208BDF0E661}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B31AEEF-6AFB-4630-A674-5075A21D4942}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7DCE503A-FBFE-4373-B90D-5E41DFCAEE05}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{8164AF4C-1685-4D73-9D74-88C49242442E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{85B7A9B6-991F-4B5C-B570-6350CF1E3097}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{85CB6C99-DBB2-4CB0-99C2-A69340AFD245}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{870F353F-3CA2-4EE7-B20C-E45C0ED538D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{87C110E4-38E8-46F8-9597-5D554049BD2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{89AD75EC-E4CF-4369-AC08-06F7F2F2B878}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{902F8F93-BA6D-4206-B3E1-81894873AB02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90CD8C45-1509-4CA5-B3AF-2D1265B3F09E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90E06114-B3F6-4C10-BF9A-83E4C05A7DD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9243B386-1E99-4BB9-9629-EABD7E73614C}" = protocol=6 | dir=in | app=c:\ssi web capi module\localweb\htdocs\ta\cgi-bin\ciwweb.exe | 
"{936D559E-03FA-44C4-8383-AA1346944938}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93BC5077-87CA-4EB8-83A8-4F16CC2F7C66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{93E8AA08-75A0-44AA-BE27-A261EF15CE33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{946F0C60-CA40-4862-9672-0410B30C8C46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A303C99-F3C4-45B6-90FD-54EEEE020ABC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B83C3C2-6844-46AD-9EFB-BE7870727E79}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9EB9725E-B95C-4CBC-94A0-80E6A8F96D5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9EFB317D-EFB4-45CE-9F4F-98889E6A7AF1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A3135212-E062-42E1-BFB2-F4D9B5CD06E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A4B765E7-EF83-4C93-9505-1C465DEFC416}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5B7AE01-F50C-4788-983B-F1EE910D27C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA740869-ECC1-4A5E-A0A8-8689111291D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{AF62F6E0-7763-4D0C-ABB0-B4ACB897F684}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF833F7B-2BA9-4967-A06E-0F4C7761BD92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B64705D1-2E8B-486C-8F0D-BB2FB6913A2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B68ED7B6-A0A5-4E6D-A03C-A84D696DDD81}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B90F2C2A-2038-4E99-B333-AA31E5F0ECE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B92BFFC2-734B-4880-BEC1-109CF5A19DA2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD208CA1-112D-42AE-BF2C-A4161DE83116}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEBDDD69-C92E-4255-9AE2-F9FF22748939}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C40929F3-65E9-455C-B4D9-D7E2798971C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C48DA0DD-5E04-4A5C-B293-256EC71DAAA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C5FD3060-C9AA-48F7-B751-BD22D9935BCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C76F8FF3-B8A1-45C8-9DEC-A743457C0EDE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB0DCA8C-330C-41B9-A919-CEAA952E5C47}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD1B5D9E-9E92-4294-A4BB-6EA547AEDFF0}" = protocol=6 | dir=out | app=system | 
"{CDA23272-F2E4-428F-9C0E-09F1AFAA24F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE08A861-18E5-4DF0-A05B-C3BDDBF329C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CEB38D0E-2945-43BC-B517-ACE6ED216C7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3B98F32-066E-4C63-9E3D-56788B30DC25}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5DAE480-736F-44D6-8F0B-965412C52E8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{D7CEE7D3-D80E-469F-956F-8614365C8A52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D88C1215-7EDC-4A13-A02F-EE2CA4AF534F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9D94CAA-7A2E-4309-852E-63132DC92ED7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA929B9B-5D5D-43F6-9F76-6E90D8387310}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD2F7F84-5436-4633-8E8C-DE6178050347}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE07DC8E-24EB-43FD-AF85-9342778A3E41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE9B9969-D2CE-4123-BBB3-B99BFF6A425B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DEB3FB6B-A0DE-4FEF-8033-0A02961B764C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E033B09E-F54B-494C-8F85-62E010D8EEF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E53260C7-5943-42C6-A787-F88F5A227CE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5A6EB21-FAF1-4CF1-B343-F5BDBE15A69C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{E5F432E2-ED55-48BB-9F61-015C8F4D4DF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E6D29D32-20FF-449D-A767-0A55786BA7A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECA5A21A-373A-476B-BDBC-99E91992C93E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{ECC6D632-14A1-497D-A2BC-1617A63675A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFEEDAA2-76B1-4B25-8E2A-C3983D0ED7C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F21C9245-8606-4E9E-A85E-4345973A3025}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F301B98B-EC02-4160-94BD-B3962CD37C20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F61B9297-A615-4C6E-AC42-36FF99F5A4B8}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{FA311171-AC91-4A6E-91F3-547D5A567B20}" = protocol=17 | dir=in | app=c:\ssi web capi module\localweb\htdocs\ta\cgi-bin\ciwweb.exe | 
"{FB1263A2-529F-4A18-893A-CF00899AC89D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FBA75BE3-368B-43F2-A882-4F1D0C66B10B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC1567CB-0CB2-4483-BBC2-172D6F75091E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{158BA264-C14B-4CC8-97EA-DE693AF03FE9}C:\program files\sawtooth software\ssi web capi module\localweb\apache.exe" = protocol=6 | dir=in | app=c:\program files\sawtooth software\ssi web capi module\localweb\apache.exe | 
"TCP Query User{1B96644D-1128-4207-84A8-E618C51CFA6D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | 
"TCP Query User{2BD25EE2-0E73-426A-824B-ED2341256DD4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4576E295-0BE8-43AA-BEEE-44BD62BC6D46}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{94E37C7A-60E4-4FE3-BA3E-FC7FE69FE98A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{CB2F5EBB-7794-44DA-BA51-1084335FAEF3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{D2A46EA8-CBCF-47BB-A99A-BE4A30AADED4}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{EC4982D0-6AA9-4419-9D43-F1780DBC93CA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0D9BDBB2-606F-4E71-A12C-F460856CB8A7}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | 
"UDP Query User{2379A66E-0FA3-4B74-891F-D8003E39E4ED}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{6781D730-3B6A-4690-96A1-7E8C9D7ADE6F}C:\program files\sawtooth software\ssi web capi module\localweb\apache.exe" = protocol=17 | dir=in | app=c:\program files\sawtooth software\ssi web capi module\localweb\apache.exe | 
"UDP Query User{7918AC46-A47E-43FC-9164-D59EAD6550F8}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{9DB22936-EF12-4A79-BBEB-E69A86BE283A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{BEEC81CC-9135-4A74-AAE5-3F4FF95F3429}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F1096487-2187-4B35-AEC9-99C4B45D410B}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{F7FEE058-A3BF-464C-BEE8-950FF55D4C5D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3FAB6386-E507-414D-9B61-8BE76898476E}" = Nitro PDF Professional
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}" = ACDSee Foto-Editor
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI  MUI
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C0F909B8-FE8E-4601-81F2-26982ED94310}" = Fabasoft Folio Cloud Plug-in
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Alice MOBILE E1692" = Alice MOBILE E1692
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Canon MP270 series Benutzerregistrierung" = Canon MP270 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DesktopIconAmazon" = Desktop Icon für Amazon
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"f4" = f4 3.0.3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreePDF_XP" = FreePDF (Remove only)
"GoldWave v5.58" = GoldWave v5.58
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"LTMOH" = LSI V92 MOH Application
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"mp3-2-wav" = mp3-2-wav converter 1.14
"Ravensburger tiptoi" = Ravensburger tiptoi
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SSIWEBCAPI_is1" = Sawtooth Software SSI Web CAPI Module 2.0.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TVWiz" = Intel(R) TV Wizard
"VDC_is1" = Video Download Converter version 1.0.0.0
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR Archivierer
"WinZip Companion for Outlook" = WinZip Companion for Outlook
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.01.2013 18:10:06 | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 28.01.2013 18:10:06 | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 28.01.2013 18:10:06 | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 28.01.2013 18:10:06 | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 28.01.2013 18:11:19 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 19:54:40 | Computer Name = Barbara-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nitro
 PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.01.2013 07:30:48 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 09:40:44 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 10:01:58 | Computer Name = Barbara-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: b64    Startzeit: 01cdfe2912b1e9ce    Endzeit: 47    Anwendungspfad: 
C:\Program Files\Internet Explorer\IEXPLORE.EXE    Berichts-ID:   
 
Error - 29.01.2013 16:14:56 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 25.09.2010 05:33:23 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 11:33:23 - Fehler beim Herstellen der Internetverbindung.  11:33:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.09.2010 05:33:38 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 11:33:28 - Fehler beim Herstellen der Internetverbindung.  11:33:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.10.2010 05:37:54 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 11:37:53 - Fehler beim Herstellen der Internetverbindung.  11:37:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.10.2010 05:38:07 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 11:38:00 - Fehler beim Herstellen der Internetverbindung.  11:38:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.10.2010 06:14:35 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 12:14:35 - Fehler beim Herstellen der Internetverbindung.  12:14:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.10.2010 06:14:46 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 12:14:40 - Fehler beim Herstellen der Internetverbindung.  12:14:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.10.2010 02:18:41 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 08:18:41 - Fehler beim Herstellen der Internetverbindung.  08:18:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.10.2010 02:18:55 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 08:18:46 - Fehler beim Herstellen der Internetverbindung.  08:18:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.10.2010 04:09:40 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 10:09:40 - Fehler beim Herstellen der Internetverbindung.  10:09:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.10.2010 04:09:50 | Computer Name = Barbara-PC | Source = MCUpdate | ID = 0
Description = 10:09:45 - Fehler beim Herstellen der Internetverbindung.  10:09:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 20.10.2011 17:39:32 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.10.2011 18:00:31 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 68 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 29.10.2011 16:10:54 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2012 12:42:20 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.02.2012 16:50:01 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3250
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 13.03.2012 16:01:17 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.04.2012 13:11:08 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.04.2012 16:05:48 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.08.2012 05:13:30 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 903
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 06.09.2012 19:14:27 | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.01.2013 12:53:35 | Computer Name = Barbara-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.01.2013 12:54:42 | Computer Name = Barbara-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.01.2013 13:01:04 | Computer Name = Barbara-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.01.2013 13:01:06 | Computer Name = Barbara-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.01.2013 16:13:14 | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.01.2013 16:13:33 | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   jswpslwf
 
Error - 29.01.2013 16:14:44 | Computer Name = Barbara-PC | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 29.01.2013 16:14:44 | Computer Name = Barbara-PC | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 29.01.2013 16:14:44 | Computer Name = Barbara-PC | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 29.01.2013 16:14:44 | Computer Name = Barbara-PC | Source = WMPNetworkSvc | ID = 866317
Description = 
 
[ TuneUp Events ]
Error - 04.12.2012 17:37:39 | Computer Name = Barbara-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 04.12.2012 17:37:39 | Computer Name = Barbara-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 04.12.2012 17:37:39 | Computer Name = Barbara-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
Regards
Barbara

30.01.2013, 01:00   #20
t'john
/// Helper Team
 



Quote:
So much for being released... ;-)
Who knows what you've been up to


Fixing with OTL

Download OTL by Oldtimer (if you don't have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
:OTL
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm255^YY^at&si=CLrYg5Sr17QCFUmN3godxy4AGw&ptb=06C7BB18-3C19-4AA1-81E9-B3ED852B91B8&ind=2013010717&n=77fc1b1d&psa=&st=sb&searchfor={searchTerms} 
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\URLSearchHook: {18780ed6-1531-47da-bf90-c91f72f2b4ee} - No CLSID value found 
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\URLSearchHook: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - No CLSID value found 
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found 
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll File not found 
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found 
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (no name) - {18780ED6-1531-47DA-BF90-C91F72F2B4EE} - No CLSID value found. 
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (no name) - {3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} - No CLSID value found. 
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found 
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found 
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found 

:Files 

ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!


After that:

Windows Repair Tool (AIO)

  • Download the Windows repair tool
  • Unpack the zip and start Repair_Windows.exe
  • Click the Start repairs tab, then: Start

    Select the following items

    Register System Files
    Repair WMI
    Repair Internet Explorer
    Set Windows Services To Default Startup


    Select: Restart System When Finished
    Then click the Start button.

__________________
Regards, t'john
Support the TB

30.01.2013, 08:26   #21
criba031172
 



Quote:
Originally posted by t'john
Who knows what you've been up to
Yes, who knows. I was soo about already being released and quite deliberately came up with something.


Is it actually connected to what happened before, or has something new happened? Can that even be said for certain?

I probably won't get around to tackling this until Friday. In the meantime, thanks once again.
Regards, Barbara

30.01.2013, 16:48   #22
t'john
/// Helper Team
 



Quote:
Yes, who knows. I was soo about already being released and quite deliberately came up with something.
That's how I see it too

Quote:
Is it actually connected to what happened before, or has something new happened? Can that even be said for certain?
That can't be said; anything else would be speculation.

Get back to me with the fix log, then we'll know more...
__________________
Regards, t'john
Support the TB

04.02.2013, 22:59   #23
criba031172
 



Done:
Code:
ll processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{18780ed6-1531-47da-bf90-c91f72f2b4ee} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18780ed6-1531-47da-bf90-c91f72f2b4ee}\ not found.
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\ not found.
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{18780ED6-1531-47DA-BF90-C91F72F2B4EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18780ED6-1531-47DA-BF90-C91F72F2B4EE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}\ not found.
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Barbara\Desktop\cmd.bat deleted successfully.
C:\Users\Barbara\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Barbara
->Temp folder emptied: 131180941 bytes
->Temporary Internet Files folder emptied: 12416611 bytes
->Java cache emptied: 1 bytes
->Flash cache emptied: 545 bytes
 
User: Barbara Arbeitsberei
->Temp folder emptied: 1165582 bytes
->Temporary Internet Files folder emptied: 2769114 bytes
 
User: Christian
->Temp folder emptied: 22974177 bytes
->Temporary Internet Files folder emptied: 63140110 bytes
->Java cache emptied: 78698884 bytes
->Flash cache emptied: 16911 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1123415 bytes
RecycleBin emptied: 36005252 bytes
 
Total Files Cleaned = 333,00 mb
         
And do you need this one too?
Code:
[main]
Reboot/Shutdown=1
Reboot=False
Shutdown=True
Always On Top=0
Reset Registry Permissions=False
Reset File Permissions=False
Register System Files=True
Repair WMI=True
Repair Windows Firewall=False
Repair Internet Explorer=True
Repair MDAC/MS Jet=False
Repair Hosts File=False
Remove Policies Set By Infections=False
Repair Missing Start Menu Icons Removed By Infections=False
Repair Icons=False
Repair Winsock & DNS Cache=True
Remove Temp Files=False
Repair Proxy Settings=False
Unhide Non System Files=False
Repair Windows Updates=False
Repair CD/DVD Missing/Not Working=False
Repair Volume Shadow Copy Service=False
Repair Windows Sidebar/Gadgets=False
Set Windows Services To Default Startup=True
Repair MSI (Windows Installer)=False
Repair Windows Snipping Tool=False
Repair File Associations=False
Repair bat Association=False
Repair cmd Association=False
Repair com Association=False
Repair Directory Association=False
Repair Drive Association=False
Repair exe Association=False
Repair Folder Association=False
Repair inf Association=False
Repair lnk (Shortcuts) Association=False
Repair msc Association=False
Repair reg Association=False
Repair scr Association=False
Repair Windows Safe Mode=False
Repair Winsock && DNS Cache=False
         
I'm sorry, but I didn't get around to it any sooner.
Thank you for still helping me.
Regards
Barbara
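
Added example (not part of the thread and not OTL's own code): a Python sketch that reconciles the fix script with the fix log above. For every GUID the script names, it reports how many referencing registry keys or values were removed and whether a COM registration under Classes\CLSID existed. The sample strings are excerpts of the thread's script and log, plus one constructed all-zero GUID that the log never mentions.

```python
import re

GUID = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
RESULT = re.compile(r"^Registry (?:key|value) (.+) (deleted successfully|not found)\.$")

# Excerpt of the thread's fix script; the last line is a constructed entry.
SCRIPT = r"""
:OTL
IE - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\URLSearchHook: {18780ed6-1531-47da-bf90-c91f72f2b4ee} - No CLSID value found
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O3 - HKU\S-1-5-21-2834963463-4078683774-3638463507-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O9 - Extra Button: constructed entry - {00000000-0000-0000-0000-000000000000} - constructed
"""

# Matching excerpt of the fix log posted in the thread.
LOG = r"""
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{18780ed6-1531-47da-bf90-c91f72f2b4ee} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18780ed6-1531-47da-bf90-c91f72f2b4ee}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2834963463-4078683774-3638463507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}\ not found.
"""


def reconcile(script: str, log: str) -> dict:
    """Map each GUID named in the script to what the log says happened to it."""
    # GUIDs appear in both upper and lower case for the same entry, so normalise.
    wanted = {g.lower() for g in GUID.findall(script)}
    report = {g: {"references_removed": 0, "clsid": "not in log"} for g in wanted}
    for line in log.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue
        path, status = m.group(1), m.group(2)
        g = GUID.search(path)
        if not g or g.group().lower() not in report:
            continue
        entry = report[g.group().lower()]
        if "\\classes\\clsid\\" in path.lower():
            # COM registration: "absent" means the browser entry pointed at nothing.
            # A later "not found" must not overwrite an earlier successful delete.
            if entry["clsid"] != "deleted":
                entry["clsid"] = "deleted" if status == "deleted successfully" else "absent"
        elif status == "deleted successfully":
            entry["references_removed"] += 1
    return report


def unhandled(report: dict) -> list:
    """GUIDs the script named for which the log shows no removed reference."""
    return sorted(g for g, e in report.items() if e["references_removed"] == 0)


if __name__ == "__main__":
    result = reconcile(SCRIPT, LOG)
    for guid, entry in sorted(result.items()):
        print(guid, entry)
    print("unhandled:", unhandled(result))
```
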

05.02.2013, 04:00   #24
t'john
/// Helper Team
 



Please download it again!
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



After that, report whether there are still problems
__________________
Regards, t'john
Support the TB

19.02.2013, 22:06   #25
criba031172
 



Good evening t'john,
I'm really sorry that I didn't get back to you. The virus got me myself and I haven't been at the PC for ages. I'm just installing Microsoft Security Essentials because Kaspersky is expiring; after that I'll carry on and get back to you.
Thanks!
Regards, Barbara

Right, that's done:
Code:
# AdwCleaner v2.112 - Datei am 19/02/2013 um 22:12:10 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Barbara - BARBARA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Barbara\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [837 octets] - [29/01/2013 21:10:12]
AdwCleaner[S2].txt - [783 octets] - [19/02/2013 22:12:10]

########## EOF - C:\AdwCleaner[S2].txt - [842 octets] ##########
         
and there are no more problems either, at least none that I've noticed!
Regards
Barbara

20.02.2013, 19:05   #26
t'john
/// Helper Team
 



Then it continues here

http://www.trojaner-board.de/129865-...tml#post997830
__________________
Regards, t'john
Support the TB
