|
Log-Analyse und Auswertung: Eigentlich ungenutzter Internet Explorer öffnet unbekannte SeitenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.05.2010, 15:04 | #1 |
| Eigentlich ungenutzter Internet Explorer öffnet unbekannte Seiten Hallo ihr! Ich bin neu hier da ich mir vor kurzem durch Unachtsamkeit einen Trojaner eingefangen habe! Und zwar bin ich bei MSN einem Link gefolgt, der vermutlich von einem MSN Virus meines Gesprächspartners ausging und schon spielte der PC verrückt. MSN musste zwangsweise beendet werden, da die Fenster wie wild aufblinkten und seitdem tauchten andauernd unbekannte Fenster vom Internet Explorer auf, obwohl ich Firefox nutze. Ich habe gesehen, dass das Problem hier schon einige Male aufgetaucht zu sein scheint und bin den Schritten gefolgt, die empfohlen wurden. Habe zuerst HijackThis einen Bericht machen lassen (braucht ihr den auch?), dann Malwarebytes' Anti-Malware verwendet und gescannt/gelöscht, sowie OTL für einen abschließenden Bericht angeworfen. Ich würde gerne wissen, ob die "Gefahr" jetzt wieder gebannt ist oder ob sich noch irgendwelche Viren nicht haben löschen lassen, deswegen werde ich anbei die Berichte einfügen. Ein kurzes "Alles okay" oder ein "Da solltest du nochmal ran gehen" würde mir schon reichen. Vielen Dank im Vorraus. Malware-Bericht: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4141 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 25.05.2010 15:21:18 mbam-log-2010-05-25 (15-21-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|J:\|) Durchsuchte Objekte: 526673 Laufzeit: 2 Stunde(n), 29 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\***\AppData\Local\Temp\Lbf.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\Lbh.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Oh, zu viele Zeichen :S Dann die beiden OTL Berichte eben im nächsten Post... Geändert von Larusso (03.03.2011 um 14:53 Uhr) |
25.05.2010, 15:07 | #2 |
| Eigentlich ungenutzter Internet Explorer öffnet unbekannte Seiten OTL-Bericht:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.05.2010 15:44:06 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 484,06 Gb Total Space | 309,87 Gb Free Space | 64,01% Space Free | Partition Type: NTFS Drive D: | 11,67 Gb Total Space | 1,57 Gb Free Space | 13,46% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 100,44 Gb Total Space | 100,34 Gb Free Space | 99,91% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 232,83 Gb Total Space | 131,51 Gb Free Space | 56,49% Space Free | Partition Type: FAT32 Computer Name: PS-SKLAVE Current User Name: Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Public\winnsvc.exe () PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.) PRC - C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe () SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation) DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\DRIVERS\lv302a64.sys (Logitech Inc.) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys (Wacom Technology) DRV:64bit: - (WacomVKHid) -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys (Wacom Technology) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.06 13:10:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.06 13:10:26 | 000,000,000 | ---D | M] [2008.09.30 22:03:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.05.24 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gki95035.default\extensions [2010.05.01 09:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gki95035.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.30 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gki95035.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.05.01 09:18:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gki95035.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.06 18:56:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gki95035.default\extensions\DeviceDetection@logitech.com [2010.03.11 15:04:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gki95035.default\extensions\illimitux@illimitux.net [2010.02.16 18:44:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gki95035.default\extensions\moveplayer@movenetworks.com [2010.05.12 19:24:03 | 000,002,101 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\gki95035.default\searchplugins\googlede.xml [2010.04.01 12:00:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.03.12 23:48:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 23:48:21 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.12 23:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 23:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 23:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0adc5997-ebaf-11dd-8f09-002215194957}\Shell - "" = AutoRun O33 - MountPoints2\{0adc5997-ebaf-11dd-8f09-002215194957}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found O33 - MountPoints2\{20a6e894-a608-11de-93de-002215194957}\Shell - "" = AutoRun O33 - MountPoints2\{20a6e894-a608-11de-93de-002215194957}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found O33 - MountPoints2\{20a6e8b9-a608-11de-93de-002215194957}\Shell - "" = AutoRun O33 - MountPoints2\{20a6e8b9-a608-11de-93de-002215194957}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found O33 - MountPoints2\{b036543f-b355-11de-9495-002215194957}\Shell - "" = AutoRun O33 - MountPoints2\{b036543f-b355-11de-9495-002215194957}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found O33 - MountPoints2\{b0365441-b355-11de-9495-002215194957}\Shell - "" = AutoRun O33 - MountPoints2\{b0365441-b355-11de-9495-002215194957}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.25 12:50:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.05.25 12:50:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.05.25 12:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.25 12:50:16 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.05.25 12:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.05.25 12:49:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam146-setup.exe [2010.05.25 12:41:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Projekte [2010.05.25 12:37:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.05.25 11:34:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogiShrd [2010.05.25 11:25:56 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.05.25 10:46:49 | 001,869,880 | ---- | C] (Logitech, Inc.) -- C:\Users\***\Desktop\lu_logitech_ui.exe [2010.05.25 10:40:17 | 053,665,960 | ---- | C] (Logitech, Inc.) -- C:\Users\***\Desktop\qc1100_x64.exe [2010.05.18 22:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.05.18 22:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails [2010.05.18 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\gegl-0.0 [2010.05.18 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.6 [2010.05.18 22:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0 [2010.05.18 22:13:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\inkscape [2010.05.18 22:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape [2010.05.17 15:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWood [2010.05.09 00:41:10 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys [2010.05.09 00:40:37 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll [2010.05.09 00:40:37 | 000,027,176 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2010.05.09 00:40:37 | 000,013,352 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2010.05.09 00:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson [2010.05.01 22:19:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Fotos [2010.04.30 20:44:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.28 18:22:24 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.04.28 18:22:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.04.28 18:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.04.28 18:20:24 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.04.27 16:38:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Prince of Persia [2010.04.26 22:28:41 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2010.04.26 22:28:41 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2010.04.26 22:28:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2010.04.26 22:28:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2010.04.26 22:28:41 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2010.04.26 22:28:41 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2010.04.26 22:28:40 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2010.04.26 22:28:40 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2010.04.26 22:28:40 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2010.04.26 22:28:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2010.04.26 22:28:40 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2010.04.26 22:28:40 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2010.04.26 22:28:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2010.04.26 22:28:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2010.04.26 22:28:40 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2010.04.26 22:28:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2010.04.26 22:28:39 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2010.04.26 22:28:39 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2010.04.26 22:28:39 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2010.04.26 22:28:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2010.04.26 22:28:39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2010.04.26 22:28:39 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2010.04.26 22:28:39 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2010.04.26 22:28:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2010.04.26 22:28:38 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2010.04.26 22:28:38 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2010.04.26 22:28:38 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2010.04.26 22:28:38 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2010.04.26 22:28:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2010.04.26 22:28:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2010.04.26 22:28:38 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2010.04.26 22:28:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2010.04.26 22:28:37 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2010.04.26 22:28:37 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2010.04.26 22:28:37 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2010.04.26 22:28:37 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2010.04.26 22:28:37 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2010.04.26 22:28:37 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2010.04.26 22:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2010.04.26 14:11:21 | 000,000,000 | ---D | C] -- C:\Windows\pss [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.25 15:43:22 | 004,194,304 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.05.25 15:29:07 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.05.25 15:29:07 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.05.25 15:29:07 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.05.25 15:29:07 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.05.25 15:29:07 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.05.25 15:24:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.25 15:24:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.25 15:24:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.25 15:24:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.25 15:22:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.05.25 15:22:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{55b21bd1-c3a9-11dd-b5d2-00116b373031}.TMContainer00000000000000000001.regtrans-ms [2010.05.25 15:22:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{55b21bd1-c3a9-11dd-b5d2-00116b373031}.TM.blf [2010.05.25 15:22:29 | 003,655,308 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.05.25 12:50:27 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.25 12:50:22 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.25 12:49:40 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam146-setup.exe [2010.05.25 12:38:19 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.05.25 12:36:07 | 000,138,688 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.25 10:46:50 | 001,869,880 | ---- | M] (Logitech, Inc.) -- C:\Users\***\Desktop\lu_logitech_ui.exe [2010.05.25 10:41:15 | 053,665,960 | ---- | M] (Logitech, Inc.) -- C:\Users\***\Desktop\qc1100_x64.exe [2010.05.24 10:48:34 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll.new [2010.05.23 16:58:38 | 000,005,992 | ---- | M] () -- C:\Users\***\Documents\cc_20100523_165834.reg [2010.05.22 21:17:35 | 000,002,615 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2010.05.21 07:55:59 | 002,399,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.05.20 19:56:09 | 000,002,290 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2010.05.19 22:35:20 | 000,002,657 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk [2010.05.18 22:32:29 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.05.18 22:10:40 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk [2010.05.17 15:59:10 | 000,000,940 | ---- | M] () -- C:\Users\***\Desktop\Atlantis3 Spielen.lnk [2010.05.09 00:48:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010.05.09 00:48:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf [2010.05.09 00:41:10 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys [2010.05.09 00:40:37 | 001,490,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll [2010.05.09 00:40:37 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2010.05.09 00:40:37 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2010.05.05 23:45:07 | 000,000,824 | ---- | M] () -- C:\Users\***\Documents\cc_20100505_234501.reg [2010.05.03 18:40:51 | 000,005,888 | ---- | M] () -- C:\Users\***\Documents\cc_20100503_184043.reg [2010.04.30 22:24:28 | 000,002,953 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg [2010.04.30 22:24:28 | 000,001,191 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg [2010.04.30 20:44:11 | 000,001,036 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.28 18:22:56 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.27 16:45:39 | 000,001,022 | ---- | M] () -- C:\Users\***\Desktop\Prince of Persia - Verknüpfung.lnk [2010.04.26 14:10:02 | 000,002,296 | ---- | M] () -- C:\Users\***\Documents\cc_20100426_140949.reg [2010.04.25 23:49:33 | 000,004,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100425_234929.reg [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.25 12:50:22 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.25 12:00:38 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.23 16:58:35 | 000,005,992 | ---- | C] () -- C:\Users\***\Documents\cc_20100523_165834.reg [2010.05.20 19:56:09 | 000,002,290 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.05.18 22:32:29 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.05.18 22:10:40 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk [2010.05.17 15:59:10 | 000,000,940 | ---- | C] () -- C:\Users\***\Desktop\Atlantis3 Spielen.lnk [2010.05.09 00:48:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010.05.09 00:48:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf [2010.05.05 23:45:04 | 000,000,824 | ---- | C] () -- C:\Users\***\Documents\cc_20100505_234501.reg [2010.05.03 18:40:45 | 000,005,888 | ---- | C] () -- C:\Users\***\Documents\cc_20100503_184043.reg [2010.04.28 18:22:56 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.27 16:45:39 | 000,001,022 | ---- | C] () -- C:\Users\***\Desktop\Prince of Persia - Verknüpfung.lnk [2010.04.26 14:09:51 | 000,002,296 | ---- | C] () -- C:\Users\***\Documents\cc_20100426_140949.reg [2010.04.25 23:49:31 | 000,004,100 | ---- | C] () -- C:\Users\***\Documents\cc_20100425_234929.reg [2009.10.29 20:56:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.10.29 20:55:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.10.15 18:43:33 | 000,554,496 | R--- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2008.10.07 10:13:30 | 000,197,912 | R--- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.09.30 21:01:03 | 002,463,976 | R--- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2008.06.17 22:33:51 | 000,327,680 | R--- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2008.06.17 22:33:51 | 000,102,400 | R--- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\´***\Desktop\Wolfsheim_-_Find_You_re_Here___Find_You_re_Gone.avi:TOC.WMV < End of report > Geändert von Larusso (03.03.2011 um 15:04 Uhr) |
25.05.2010, 15:07 | #3 |
| Eigentlich ungenutzter Internet Explorer öffnet unbekannte Seiten Extra-Bericht (OTL):
__________________OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.05.2010 15:44:06 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 484,06 Gb Total Space | 309,87 Gb Free Space | 64,01% Space Free | Partition Type: NTFS Drive D: | 11,67 Gb Total Space | 1,57 Gb Free Space | 13,46% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 100,44 Gb Total Space | 100,34 Gb Free Space | 99,91% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 232,83 Gb Total Space | 131,51 Gb Free Space | 56,49% Space Free | Partition Type: FAT32 Computer Name: PS-SKLAVE Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 28 E0 23 31 FA 5E CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1CB0E8CE-EFB3-4982-8C4E-7D81E2DAB17E}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{1D56100C-5E1B-4C3E-A796-D25BA21FDC0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DF697DE-B86E-46C2-905E-F0A78B750A2D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{28119BA9-6548-400A-BD14-2DDD5D2E958C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{421A5A8B-0EA3-48AB-BA90-43D8F19A4F2C}" = lport=2869 | protocol=6 | dir=in | app=system | "{45C0ABDF-8B18-49F9-BF78-1B2DF0FF1DBA}" = rport=445 | protocol=6 | dir=out | app=system | "{4FD111DA-D52B-49C4-AA78-671D238DB461}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5913CEED-3788-486F-818B-B3E91340F54B}" = lport=445 | protocol=6 | dir=in | app=system | "{611008D3-4C22-425E-9422-F4FDC6B71ED0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6454160F-410F-42C1-9736-8726A81E0428}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{662C67BD-3A81-4DBB-BD34-913DF74BD111}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6C162D77-E04E-441E-8AFB-100ABADF8415}" = rport=139 | protocol=6 | dir=out | app=system | "{70675CD5-6DF3-4A4E-95A2-8C7951AF7088}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8887DE3C-3DEB-488C-A5C0-86C045AD296E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9CE0D216-F706-43F0-B9B0-1ECC3569BD2A}" = lport=138 | protocol=17 | dir=in | app=system | "{A7430BA7-C690-4413-A9DA-1785776DBD0B}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{B7153A3E-C882-494E-9DDC-73FB64DFE819}" = lport=137 | protocol=17 | dir=in | app=system | "{B7FEFA58-4B28-46D8-8715-25D16647AB50}" = rport=137 | protocol=17 | dir=out | app=system | "{C7C3AB52-102A-451B-A9EE-5987A69EF421}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{DF91FE43-D707-485D-9854-60B808644229}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E9F6F682-FCB7-49B6-BD7E-C417F0FC5957}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F9493142-82C8-4983-8D9C-A86820028696}" = lport=139 | protocol=6 | dir=in | app=system | "{FBF3CB19-1D4C-4D75-AEF1-9FC3A1FA8A36}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FC934EA9-E49D-469C-942B-5BFB40DE0EA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FFD57D40-2ABA-4ADA-B5DA-09C751BFBA2D}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CC4330-12B2-4409-85BB-0B1D31CA4F4F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{028594E6-361F-45D4-8DA4-2F4C624AA172}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1CC060C8-49D8-4BA3-A765-D0B23ACE550C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe | "{4E947620-CC26-40A2-882F-6576B3111F93}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{546E283F-B2F3-40E3-8BFF-0921F32B4B0F}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | "{5A69E39E-98D1-4200-B5DC-9DF4AD0D3C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "{61093A73-4A6A-46C9-B63C-823483411C7B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{68D884E2-BF52-41BC-ADBA-D36CA2D0720E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6C29E45D-2F16-42C1-8F0B-653EC173F0ED}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | "{7056B49F-739A-4F5D-8E05-781C957FF07F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{735A41CA-924F-4EB6-AAB2-0C964FF12F20}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{78E80D2A-ECD6-41C2-B226-ACFAE451FCD4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{791FDE6D-6868-49A8-883B-B38454E81E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8764BDE3-F5D7-44AC-9430-4FAD368F4226}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe | "{8D9438E1-80D8-4BFF-A72B-956E4B1DB38D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{8ECBBBA4-8D3B-464D-B6FC-175FE9FA4EF7}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{8F54C977-3C1C-43E3-8366-B4D6AA4AB747}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | "{A27AC950-7DF9-42F8-92F5-0AC468AEE74D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A8820DE4-D3D2-41BC-A434-A11454EFC594}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe | "{AB3E1449-2132-4403-9B46-F7EB3EF92E44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B3307365-12DA-49E7-BE5D-B4DDDBB98149}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{BB0FE9E6-3700-4727-90DA-DA1D55AF7DB4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C75E528C-0887-42F1-A561-9786D6F62C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C90ACC1A-815E-4408-A0CF-2218AB90E7B1}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "{C9453730-FB9B-4BE0-ABA8-6CE2E0FA3366}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe | "{D0B44D70-126C-4558-B535-716C34604BF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D58705CA-8C5B-439E-95F4-E2261213A6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DF38F479-FB13-4751-9820-138EE66EF2A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{E6050C4C-82EB-4219-8242-49CD2FDBD67F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E9783D40-4035-48F1-A34C-65DFC207CC93}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{F01DD5F1-9BF0-47EF-A7AA-27FDC7838566}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | "{F57389A4-628A-4F35-8399-A415015646CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F9253D46-362C-400A-93B8-A0E3283C75FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FBC43829-CDCC-4CDD-9BFD-00F5ADB2A9D4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{4DD27208-6347-44AE-A556-9282FDFCBCA4}C:\program files (x86)\ralink\common\apui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\apui.exe | "TCP Query User{9C399A77-D280-4817-96A0-8AE3E60979FB}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | "TCP Query User{A34B52C8-3510-467E-87AA-50DC4F0B2819}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{B70A6471-D511-4AB4-A3E5-D05278C475E7}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{3A02D000-7499-4923-A8AC-DD6850D180FE}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{6538C821-12D2-4000-BB9E-35EE88FA4922}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | "UDP Query User{685C9A85-1E50-42BE-9593-C1CC5B434B25}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{A48737C9-693F-4CBB-823C-E17A5F9C05C5}C:\program files (x86)\ralink\common\apui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\apui.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{83584F8F-6828-440D-B0B4-52495D5DA803}" = iTunes "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A7CA92E-C518-9C36-3105-B087DCE86887}" = ccc-utility64 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFA90C29-43CE-DA57-ADB1-66896590754B}" = ATI Catalyst Install Manager "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "7C3B20D7A6E59F324247FCFEDEFA94CB3339BA1C" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{397D932C-93C8-72BD-12C3-E81AF1BE7D11}" = Catalyst Control Center InstallProxy "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CDC9034-9505-BABE-215A-3250EC111E5E}" = Catalyst Control Center HydraVision Full "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3 "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69b15d7e-c375-4f1d-9ae5-28e8671bb20a}" = Nero 9 "{6A25BF3A-5AA3-62F8-7AE1-412107673F42}" = Catalyst Control Center Graphics Light "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia "{82442D8F-A2B7-4038-A62E-3DDC75215AAA}" = Catalyst Control Center Core Implementation "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{87D00EFA-985C-DFEF-0FE1-92AB2EC328C9}" = Catalyst Control Center Graphics Previews Vista "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A2147CC9-5DCE-49EC-9550-BB0B94278958}" = Biolab "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{B0C539DC-FFA1-75FD-5FDF-4D1B766A527D}" = Catalyst Control Center Graphics Full New "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D4D271B9-EFBF-45B7-ACF8-DC8B1A424756}" = Atlantis 3 "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection "{DA94DBCB-FA7B-7746-DDDE-1173F06D633A}" = Catalyst Control Center Graphics Full Existing "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE51FC86-7F89-D281-FCB1-A78BFE0C9044}" = ccc-core-static "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup "{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library "{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17 "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3 "{EB1F288D-4835-6D99-B9F4-09983AA60B17}" = Catalyst Control Center Graphics Previews Common "{F0AB2BE7-1C66-B4FE-DA8C-127CE781E893}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1 "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3 "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CCleaner" = CCleaner "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "ENTERPRISER" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Gehirnjogging - Special Edition" = Gehirnjogging - Special Edition "Guild Wars" = GUILD WARS "HijackThis" = HijackThis 2.0.2 "Inkscape" = Inkscape 0.47 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "PC-Doctor 5 for Windows" = Hardware Diagnose Tools "Pen Tablet Driver" = Stifttablett "PhotoStitch" = Canon Utilities PhotoStitch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Tunatic" = Tunatic "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "VLC media player" = VLC media player 1.0.1 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.05.2010 16:08:37 | Computer Name = PS-Sklave | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Photoshop.exe, Version 10.0.1.0, Zeitstempel 0x470fd6cb, fehlerhaftes Modul Photoshop.exe, Version 10.0.1.0, Zeitstempel 0x470fd6cb, Ausnahmecode 0xc0000005, Fehleroffset 0x00ba9768, Prozess-ID 0x114c, Anwendungsstartzeit 01caec8bcef74000. Error - 05.05.2010 16:49:53 | Computer Name = PS-Sklave | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: dd0 Anfangszeit: 01caec25f5572eca Zeitpunkt der Beendigung: 0 Error - 05.05.2010 18:08:47 | Computer Name = PS-Sklave | Source = Bonjour Service | ID = 100 Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 05.05.2010 18:08:48 | Computer Name = PS-Sklave | Source = Bonjour Service | ID = 100 Description = 424: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 05.05.2010 18:08:48 | Computer Name = PS-Sklave | Source = Bonjour Service | ID = 100 Description = 428: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 05.05.2010 18:08:48 | Computer Name = PS-Sklave | Source = Bonjour Service | ID = 100 Description = 432: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 05.05.2010 18:08:48 | Computer Name = PS-Sklave | Source = Bonjour Service | ID = 100 Description = 436: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 06.05.2010 14:10:58 | Computer Name = PS-Sklave | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.05.2010 14:10:58 | Computer Name = PS-Sklave | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.05.2010 14:11:19 | Computer Name = PS-Sklave | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 24.05.2010 19:10:10 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 24.05.2010 19:22:10 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 24.05.2010 19:34:09 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 24.05.2010 19:46:09 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 24.05.2010 19:58:09 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 24.05.2010 20:10:09 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 25.05.2010 07:42:45 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 25.05.2010 07:54:47 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 25.05.2010 08:06:47 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = Error - 25.05.2010 08:18:47 | Computer Name = PS-Sklave | Source = bowser | ID = 8003 Description = < End of report > Geändert von Larusso (03.03.2011 um 15:04 Uhr) |
Themen zu Eigentlich ungenutzter Internet Explorer öffnet unbekannte Seiten |
.dll, anti-malware, dateien, explorer, firefox, hijack, hijackthis, internet, internet explorer, link, local\temp, löschen, malwarebytes, malwarebytes' anti-malware, microsoft, msn, msn virus, neu, problem, seite, seiten, software, temp, trojan.downloader, trojaner, trojaner eingefangen, unbekannte seiten, viren, virus, öffnet |