| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ThinkPoint vollständig entfernt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.11.2010, 21:34
| #1 |
 |  ThinkPoint vollständig entfernt? Ich habe mir vor einigen Tagen den ThinkPoint eingefangen und ihm dann blöderweise auch erlaubt, sich auf meinem Rechner breit zu machen. Gemäß eurer Anleitung habe ich mit rkill und Malwarebytes Anti-Malware das Gröbste entfernen können. Ein paar Tage später, fing der Computer dann aber an im Browser auf andere Seiten umzuleiten, die sofort vom Firefox oder Virenscanner blockiert wurden. Zudem kam immer wieder die Meldung "hostprozess für windows dienste funktioniert nicht mehr". Auch die Windows Updates funktionieren manchmal nicht. Der Virenscanner kam ständig mit einer Meldung hoch. Ich habe dann gestern nochmal SUPERAntiSpyware laufen lassen, was auch nochmal über 50 Objekte gefunden hat. Der Browser verhält sich seitdem normal, die Hostprozesse stürzen weiterhin manchmal ab. Ein weiterer Quickscan mit Anti-Malware mir vorherigem kill aller Prozesse mit OTH brachte keine neuen Funde. Log Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5054
Windows 6.0.6000
Internet Explorer 8.0.6001.18904
05.11.2010 23:32:25
mbam-log-2010-11-05 (23-32-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 528465
Laufzeit: 3 Stunde(n), 9 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Gbot) -> Data: c:\users\jonas\appdata\local\temp\dwm.exe -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Program Files\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
C:\Program Files\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.
C:\Program Files\dektop-games\DESKTOP.EXE (Joke.Stressreducer) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\oovqlsahc[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\oovqlsahc[2].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\ermtbvqls[1].htm (Malware.Packer.Gen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\aaick[1].htm (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2HDPISA\3[1].exe (Rootkit.TDSS) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2HDPISA\tkbvqkfdls[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\ermtbvqls[1].htm (Malware.Packer.Gen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\erztbwqyg[1].htm (Rootkit.MBR) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\gtbwqys[1].htm (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\gtovqub[1].htm (Trojan.FakeAlert) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\imdysnucxe[1].htm (Rootkit.MBR) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\aaick[1].htm (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\tkbvqkfdls[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\2[1].exe (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\iyghyu.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\jehw.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\dwm.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\shell.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> No action taken.
C:\Users\Jonas\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> No action taken.
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 11/13/2010 at 09:35 PM
Application Version : 4.45.1000
Core Rules Database Version : 5857
Trace Rules Database Version: 3669
Scan type : Complete Scan
Total Scan Time : 04:08:34
Memory items scanned : 783
Memory threats detected : 0
Registry items scanned : 12196
Registry threats detected : 0
File items scanned : 384540
File threats detected : 55
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[4].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@edge.download.newmedia.nacamar[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@www.zanox-affiliate[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.zanox[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yn-ads[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@xiti[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad2.adfarm1.adition[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@microsoftsto.112.2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@avgtechnologies.112.2o7[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.gruenderszene[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.youporn[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.medienhaus[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ar.atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@data.coremetrics[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[6].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.adc-serv[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@webmasterplan[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[3].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@imrworldwide[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@bs.serving-sys[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adfarm1.adition[3].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tracking.hannoversche[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@nacamar.adbureau[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adserver.traffictrack[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@serving-sys[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@de.sitestat[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[9].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@youporn[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@4stats[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tracking.quisma[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zanox-affiliate[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zanox[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[3].txt
atdmt.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
bc.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
cdn1.eyewonder.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
files.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
icq.oberon-media.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
m.de.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
media.mtvnservices.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
media1.break.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
multimedia.metacafe [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
oddcast.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
richmedia.coolespiele.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
spe.atdmt.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
static.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
track.webgains.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
Trojan.Agent/Gen-Deskryp
C:\USERS\***\APPDATA\LOCAL\TEMP\3.EXE
Code:
ATTFilter OTL logfile created on: 14.11.2010 20:58:35 - Run 1 OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,37 Gb Total Space | 3,83 Gb Free Space | 5,69% Space Free | Partition Type: NTFS Drive D: | 32,70 Gb Total Space | 7,85 Gb Free Space | 24,01% Space Free | Partition Type: NTFS Drive E: | 641,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: FUJITSUSIEMENSS | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Miranda IM\miranda32.exe ( ) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe File not found SRV - (AMService) -- C:\Windows\TEMP\ysin\setup.exe File not found SRV - ({B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found SRV - ({1E4009C0-5F19-403F-B87270576C4E742B}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (cvslock) -- C:\Program Files\CVSNT\cvslock.exe () SRV - (cvsnt) -- C:\Program Files\CVSNT\cvsservice.exe (March Hare Software Ltd) SRV - (Apache2) -- C:\Program Files\XAMPP\xampp\apache\bin\apache.exe (Apache Software Foundation) SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (XAMPP) -- C:\Programme\XAMPP\xampp\service.exe () ========== Driver Services (SafeList) ========== DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found DRV - (VHidMinidrv) -- C:\Windows\System32\drivers\VHIDMini.sys File not found DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys File not found DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (iMSPQMn) -- C:\Users\***\AppData\Local\Temp\iMSPQMn.sys File not found DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys File not found DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys File not found DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys File not found DRV - (BlueletAudio) -- C:\Windows\System32\DRIVERS\blueletaudio.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (SLEE_15_DRIVER) -- C:\Windows\System32\drivers\sleen15.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (hotcore2) -- C:\Windows\system32\drivers\hotcore2.sys (Paragon Software Group) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (qkbfiltr) -- C:\Windows\System32\drivers\qkbfiltr.sys (Quanta Computer Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp) DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.2 FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.09 21:42:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.06 09:36:25 | 000,000,000 | ---D | M] [2008.11.13 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.11.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions [2010.03.04 08:32:05 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.10.09 15:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.05.26 07:50:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.03 22:48:28 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010.04.16 18:09:04 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2010.03.04 08:32:04 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.03.04 08:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f} [2010.07.10 15:33:19 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2009.07.03 09:39:16 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.11.07 10:03:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.19 10:06:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2008.05.08 22:42:16 | 000,000,000 | ---D | M] (Header Monitor) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{ed04d48b-30e0-46ce-9f8e-f2fab9947648} [2010.11.14 15:20:15 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.09.07 15:35:24 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8} [2010.05.07 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\firebug@software.joehewitt.com [2009.06.28 22:08:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\LogMeInClient@logmein.com [2010.11.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.09.03 14:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.09.03 14:17:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2008.09.24 11:01:00 | 002,650,112 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npRACtrl.dll [2007.08.06 11:07:00 | 000,008,784 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ractrlkeyhook.dll [2007.07.18 13:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\unicows.dll [2010.03.13 12:11:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.13 12:11:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.13 12:11:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.13 12:11:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.13 12:11:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [Keyboard Manager Utility] c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk = C:\Programme\Miranda IM\miranda32.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\PartyPoker\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\PartyPoker\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: j-breuer.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (setuid) - C:\Windows\System32\setuid.dll (March-Hare Software Ltd) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2000.12.21 15:54:08 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2000.12.21 15:54:08 | 000,032,768 | R--- | M] () O33 - MountPoints2\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell - "" = AutoRun O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{e784292b-c29b-11dc-b24e-001b24454c70}\Shell\AutoRun\command - "" = F:\starter.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.14 15:21:55 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr [2010.11.13 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2010.11.13 17:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.11.13 17:23:41 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.11.10 21:19:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2010.11.10 21:10:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.11.10 21:10:00 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.10 21:10:00 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.10 21:09:56 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.11.10 21:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.11.10 21:09:05 | 000,000,000 | ---D | C] -- C:\Programme\QLandkarteGT [2010.11.10 21:08:32 | 000,000,000 | ---D | C] -- C:\Programme\FWTools2.4.7 [2010.11.05 20:48:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.05 19:58:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.11.05 19:51:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.05 19:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.05 19:50:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.05 19:50:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.03 19:52:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\QuickPar [2010.11.03 19:51:20 | 000,000,000 | ---D | C] -- C:\Programme\QuickPar [2010.10.31 14:31:30 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001 [2010.10.31 14:31:30 | 000,000,000 | ---D | C] -- C:\Programme\LAWICEL [2010.10.31 14:29:42 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2010.10.31 14:29:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2010.10.31 11:27:42 | 000,202,048 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftd2xx.dll [2010.10.31 11:27:42 | 000,185,664 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\FTLang.dll [2010.10.31 11:27:42 | 000,120,128 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftbusui.dll [2010.10.31 11:27:42 | 000,072,000 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftser2k.sys [2010.10.31 11:27:42 | 000,057,536 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftdibus.sys [2010.10.31 11:27:42 | 000,051,528 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftserui2.dll [2010.10.31 11:18:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Received Files [2010.10.29 22:34:22 | 000,000,000 | ---D | C] -- C:\skins [2010.10.29 22:34:22 | 000,000,000 | ---D | C] -- C:\docs [2010.10.29 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Miranda [2010.10.29 22:18:19 | 000,000,000 | ---D | C] -- C:\Programme\Miranda IM [2010.10.29 16:37:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL [2010.10.29 16:36:45 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2010.10.25 20:41:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.14 20:03:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.14 20:03:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.14 17:27:14 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job [2010.11.14 17:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.14 17:07:16 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.14 16:03:38 | 000,002,753 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2010.11.14 16:03:19 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.14 16:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.14 16:02:42 | 2137,169,920 | -HS- | M] () -- C:\hiberfil.sys [2010.11.14 16:01:35 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.14 15:23:10 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr [2010.11.11 17:21:08 | 000,680,688 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.11 17:21:08 | 000,643,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.11 17:21:08 | 000,133,088 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.11 17:21:08 | 000,116,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.06 00:18:54 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.11.05 23:40:22 | 197,318,901 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.11.05 20:51:33 | 003,903,424 | ---- | M] () -- C:\Users\***\Desktop\cofi.exe [2010.11.05 20:49:51 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.05 19:51:30 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.05 18:59:36 | 000,000,006 | ---- | M] () -- C:\Users\***\AppData\Roaming\start [2010.11.05 18:19:45 | 000,071,168 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.04 22:15:31 | 000,000,865 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk [2010.11.04 16:02:19 | 000,000,956 | ---- | M] () -- C:\Users\***\AppData\Roaming\gnuplot_history [2010.10.31 14:59:34 | 000,000,854 | ---- | M] () -- C:\Windows\ODBC.INI [2010.10.31 14:31:47 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2010.10.31 14:31:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.16 19:11:02 | 000,000,553 | ---- | M] () -- C:\Users\***\Desktop\MapSource.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.14 17:11:34 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job [2010.11.05 20:49:40 | 003,903,424 | ---- | C] () -- C:\Users\***\Desktop\cofi.exe [2010.11.05 19:51:30 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.05 19:45:40 | 197,318,901 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.11.05 18:44:30 | 000,000,006 | ---- | C] () -- C:\Users\***\AppData\Roaming\start [2010.11.04 22:15:31 | 000,000,865 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk [2010.11.02 19:50:13 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.10.31 14:31:31 | 000,077,824 | ---- | C] () -- C:\Windows\System32\canusbdrv.dll [2010.10.29 22:34:22 | 000,200,704 | ---- | C] () -- C:\tipper.dll [2010.10.16 19:11:02 | 000,000,553 | ---- | C] () -- C:\Users\***\Desktop\MapSource.lnk [2010.10.12 13:12:18 | 000,000,101 | ---- | C] () -- C:\Users\***\AppData\Roaming\wgnuplot.ini [2010.10.10 11:49:36 | 000,000,369 | ---- | C] () -- C:\Windows\Sim7.ini [2010.10.10 08:47:15 | 000,000,956 | ---- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history [2010.08.18 11:50:14 | 000,001,771 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rim.Desktop.Exception.log [2010.08.13 08:43:50 | 000,001,602 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rim.Desktop.HttpServerSetup.log [2009.07.06 23:07:19 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2009.06.05 20:18:39 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2009.06.05 19:46:18 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2009.05.28 16:31:46 | 000,000,049 | ---- | C] () -- C:\Windows\SW_Win2000X24.DLL [2009.05.28 16:31:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll [2009.05.28 16:31:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll [2009.05.28 16:31:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll [2009.04.26 14:47:39 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2009.04.26 14:47:39 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2008.11.10 13:18:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI [2008.09.25 13:21:34 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI [2008.06.25 17:45:56 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2008.06.25 17:45:56 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2008.06.25 17:45:56 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2008.06.05 18:42:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.06.05 18:42:09 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.06.05 18:42:09 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.06.05 18:42:09 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.06.05 18:42:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.04.12 09:47:59 | 000,000,069 | ---- | C] () -- C:\Windows\EasyCash.ini [2008.04.12 09:40:49 | 000,000,137 | ---- | C] () -- C:\Windows\EasyCT.INI [2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2007.11.22 17:37:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.11.02 23:52:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2007.11.02 23:17:24 | 000,027,503 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2007.10.19 20:00:30 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.10.18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll [2007.10.06 19:48:32 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2007.09.23 16:06:54 | 000,004,863 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2007.09.20 06:32:39 | 000,000,854 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.20 06:32:38 | 000,001,638 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007.09.19 20:33:40 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe [2007.09.19 20:33:23 | 000,071,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.19 17:28:49 | 004,239,360 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll [2007.09.19 17:28:49 | 000,008,192 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2007.08.30 21:06:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.08.30 21:06:07 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.08.30 21:03:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll [2007.08.30 14:10:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2007.08.24 18:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [1999.01.23 02:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2008.09.25 10:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT [2010.10.10 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansoft [2010.06.09 21:25:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop [2010.08.02 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broken Sword 2.5 [2010.11.14 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.05.15 13:55:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EditPlus 2 [2010.03.03 21:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2010.10.28 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.05.13 23:12:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2008.05.28 22:14:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\funkitron [2010.10.09 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN [2008.12.01 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2007.10.06 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2010.10.30 08:21:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.10.29 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2010.09.15 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBackup [2007.11.02 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.08.18 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2008.08.20 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Soldat [2010.03.14 10:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2009.07.05 19:05:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2007.10.06 15:42:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\winpt [2010.11.14 17:27:35 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.14 17:27:14 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.11.2010 20:58:35 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 3,83 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Drive D: | 32,70 Gb Total Space | 7,85 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive E: | 641,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: FUJITSUSIEMENSS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2911781667-3860858085-696909929-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D036F1-7CBF-4D73-BE65-0AE69EEA6570}" = rport=445 | protocol=6 | dir=out | app=system |
"{0FD90608-2AB8-414B-8755-5FC10AE335D3}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{12D09895-0E50-4AA4-878B-6B3DA42CB2AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{263371CB-457F-4A88-9F21-5223CD5495F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A6B6118-A588-460B-B1D7-F08AE0C8D3B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{34325D21-122B-4D4F-96C6-A2CF8BC3C49A}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F8BB26F-2178-4939-AEF0-968BE5BEF451}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{5FE616D9-950E-4365-B35C-EEF5CEA9028B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{612F93E0-46D5-40A6-84E6-A435AE0E08D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{62EF8489-007E-4387-90F7-EBD2F852F0B3}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{80686A3C-100F-4B2B-87B9-6D459B871B55}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EFD9157-244C-4828-8FE5-D8FAF0607A38}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEA04196-565C-4FEE-AF6F-761893DF75FE}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6372AE6-AD0A-4E0A-BB83-92E54F8605EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09426128-B9B3-4DC4-8B28-8ACDC6AE907B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0FF0A11E-FBAD-4AAB-BD81-5E9D1AC60723}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{177452C9-349A-4EFF-A0E4-4635BE6C09C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19A744EB-7B7E-4BB7-88C5-67E04AAD7EFE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1B778EF4-14E8-41AD-BC4A-CAEAC6F0913C}" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\devenv.exe |
"{1E193193-99EC-42F0-B4A4-292661885E05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{23CD5DBF-C897-496B-9E2B-F15C1B3366E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39DFE761-CFAF-4ABB-930B-A7C2DF6893A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DC2DF6C-E3C1-42EF-944A-97A2DD01BBA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47A87006-DE44-4587-AAC3-903D6B77980E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4CA28414-8CFD-441E-BD99-8C4F4F1C45A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54ABE352-6465-46B2-8A63-605EEBDABF93}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{54EC5F90-80AB-4738-ACB0-51738C71D452}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{602E396A-7C41-4F91-A3E7-F389423A52ED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6318D706-CCC7-490A-B27E-7EBD1117D8F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66FFDC1D-ED3C-4762-8C50-3EB94C0877FD}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{733ED17F-BA61-41DF-B016-390DECDC169F}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{739DFCFD-9B1D-48D6-B109-7CDF73D5A105}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78F52C73-4BFF-4419-81A0-6310A9311C82}" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\devenv.exe |
"{7C13F438-8F88-4C1B-B3EC-B9AA4691F425}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7EC8C090-E40B-4C1D-B2CA-F4E053AF45E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8117545A-224D-48FA-AAC2-05B004AAB5DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{831A408A-EB2E-4BCD-9E1F-DA0B275ABD18}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{83837233-078D-4DE3-89C3-8BC13B5A7C28}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8AEDEF1D-96CA-4D08-B3FB-15EFD05B561B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EAB2253-D020-4510-AA5E-3F43BAC19EA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{929315D2-CE58-4C74-906B-48F3CEA5405D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9B54184C-50E5-47D4-9C9C-42521E7CA6EF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9E845B14-96C1-4856-B322-87F85F08CD11}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A3BCAA6B-44E9-4CF2-9838-0830FFCEDAEB}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A66D3810-06C9-4C33-BF9E-467EC85204F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B09CD212-E88C-4CE2-BEE5-CD30865A3E4E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4041EAB-AEED-46D5-B9B3-CC48E8E14994}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB512344-7C03-4E01-AF71-CBB56B1F4C0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF7FF65B-9169-4A1B-97CA-B03DE6A43C91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFC14F0B-23C6-4DAB-A290-5012559EB89D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CD93F300-3200-419B-A3FE-E1DC0D5865A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D40C6460-6B91-4A5E-AC36-E9170F309929}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA2580D5-80D4-4B9F-AD90-0D8E9A229A03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB04835A-DA47-4F37-8316-56CB575582B4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{DEAB8E26-68BC-4F22-A6EB-27BF9D71A254}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{DF5CF967-8FC6-4D2D-AD03-E44B871222C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4D7E6B1-4C12-4FD6-B0E7-00347BC95075}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC4BAFE7-EC00-41F2-BB82-611065FCF90D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{FC553F34-DA40-4048-9A90-B33CA2F979CA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FDC580F0-707E-40C2-8435-B70425ED6BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE4E689C-1D87-413C-A318-0860856836DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{064D80D7-7A5D-4FAE-A9F2-936C2F9521F3}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{12EB4298-FEB6-4BDF-BCCC-384739180E86}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{2252F906-2DBC-4590-AE88-C6267D33BC1D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7394A7ED-7FD6-46C8-87E7-1C3AEC873E9D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7DC80366-36D6-4A25-8A0D-DE3859B9F3F4}C:\program files\editplus 2\editplus.exe" = protocol=6 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"TCP Query User{7DE3A78F-0FD1-42EA-BA35-4BB1A2BE8E0D}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{81BE67CF-428C-4C29-8D49-EBA403237FD1}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{95E79264-D437-4356-81FB-5FFD015885B4}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{981810D4-54B5-4149-80E9-4B4B6AEF3B5B}C:\program files\phped\debugger\dbglistener.exe" = protocol=6 | dir=in | app=c:\program files\phped\debugger\dbglistener.exe |
"TCP Query User{A11B30D5-D160-4ECF-8CA3-C9CB6A313D27}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{A619A55F-D1B5-4ABE-B427-3F915B709374}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B64F4854-9F7C-4917-A69D-B683B611F7E2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CCA38C5C-1B80-4C3F-A57A-5E152FB671F8}C:\program files\editplus 2\editplus.exe" = protocol=6 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"TCP Query User{D629DD94-6984-48E2-88D7-4A46E887261F}D:\blubspace\blubspace.exe" = protocol=6 | dir=in | app=d:\blubspace\blubspace.exe |
"TCP Query User{D6453B87-B728-4F93-B351-08869848384C}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{DEEF91D5-7774-4CFE-BB0F-197D78B9126B}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{F10BC9BF-8063-432A-AC4A-C101E042CCFE}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"UDP Query User{08E66D1A-DE84-4A07-A7FD-2D97D83E63BF}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
"UDP Query User{21B6EC6C-09F4-49EF-8C4B-625957584A80}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{267EE2CC-129E-4E2D-B412-782FE6F68507}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"UDP Query User{26D95935-5D45-4D97-92EC-F55F29906A89}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3B2FEF94-9D87-4F23-9120-1FC8BA0FB5A1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{4DB6816E-3F7B-4CC3-8DD4-2A18025C080C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{5B36212E-1879-41FA-AC2A-B22CE7BAE645}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{77FB3FE4-A261-4270-BD5E-05C978809737}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{7E1C9E02-EAA2-458F-A69C-00A15AAA2194}C:\program files\editplus 2\editplus.exe" = protocol=17 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"UDP Query User{9339CE29-DD65-4D85-B126-6E7107EF6AA0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A96985E5-D76B-4916-9DA7-CFBB3F043764}C:\program files\phped\debugger\dbglistener.exe" = protocol=17 | dir=in | app=c:\program files\phped\debugger\dbglistener.exe |
"UDP Query User{B073D489-0DC3-45F1-9442-B4ED81C2060A}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C46D644F-E333-41A8-A629-6E32CEF4BFA8}C:\program files\editplus 2\editplus.exe" = protocol=17 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"UDP Query User{D03D9358-B9D6-479E-8A25-298BF9235D38}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{D70D5A58-70B3-4AA3-B263-82233A7E601B}D:\blubspace\blubspace.exe" = protocol=17 | dir=in | app=d:\blubspace\blubspace.exe |
"UDP Query User{ECB3511D-A902-435D-AE13-A1340E50B54C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{F1CFF249-E7B9-41B6-9067-120557E63C52}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00610407-7C6C-486A-BB1D-80CEAC7E076B}" = Microsoft Visual Studio 2005 Professional Edition - DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DA6AADA-F91D-4852-946E-19AE6B8111FF}_is1" = shonkymaps
"{1DA750F9-797D-469C-A45C-215E656D7307}" = MSDN Library for Visual Studio 2005 - German
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43DDC07F-2867-4407-B4FF-28EB7BA6A846}" = Steganos Live Encryption Engine 15
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{488AB4C7-6D77-4435-BF9F-94611B851552}" = Microsoft SQL Server Native Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6EF59C2E-E355-4AA8-B18A-3E19A7B8EDE9}" = UltraEdit 16.10
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{797A536D-7F3A-4FC8-94FB-B36E108BF33A}" = TheWesterner
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}" = CVSNT 2.5.03.2382
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88F93A2E-A2F3-4C36-B3D3-EEB274AA2C1C}" = Microsoft Device Emulator Version 1.0 - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{93FD6568-A974-4292-B02E-AA9D90AEC13B}" = RUNAWAY 2 - The dream of the turtle
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}" = MySQL Connector/ODBC 3.51
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"{C1A887F3-0A50-455C-9292-1988E1A209C1}" = Microsoft SQL Server VSS Writer
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 8.0 Professional Demo
"{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D21C9D95-DDBA-4962-899D-D1D350186555}" = WISE-FTP 5
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E435B765-A8C2-4DDA-BBFD-2FD08B50EADC}" = WinIQSIM
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}" = Tiny Personal Firewall 2.0.15
"{F51BA406-C885-4163-A3E4-056F951DE2FE}" = SIMPLORER 7.0 Student Version
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Blobby Volley 2.0 Alpha 6_is1" = Blobby Volley 2.0 Alpha 6
"Broken Sword 2.5_is1" = Broken Sword 2.5
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CDex" = CDex extraction audio
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045" = HDAUDIO Soft Data Fax Modem with SmartCP
"Convert Image To PDF_is1" = Convert Image To PDF
"CSELITE65_is1" = CSE HTML Validator Lite v6.52
"CuteMAP" = CuteMAP 1.0
"Deluxe Menus Trial" = Deluxe Menus Trial
"Derive5" = Derive 5
"Deus Ex" = Deus Ex
"Diablo II" = Diablo II
"DMS-FTP V2" = DMS-FTP V2
"doxygen_is1" = doxygen 1.5.9
"EasyCash&Tax_is1" = EasyCash&Tax 1.35
"EAX Unified" = EAX Unified
"EditPlus 2" = EditPlus 2
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Download Manager_is1" = Free Download Manager 2.5
"FWTools247" = FWTools 2.4.7
"Gish Demo_is1" = Gish Demo 1.52
"Google Updater" = Google Updater
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"GPG4Win" = GnuPG For Windows
"GSiteCrawler" = GSiteCrawler
"GyroMeter" = GyroMeter
"Hamachi" = Hamachi 1.0.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"iecollection_is1" = Internet Explorer Collection 1.4.0.2
"InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
"Lawicel canusb driver" = Lawicel canusb driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - DEU" = Microsoft Visual Studio 2005 Professional Edition - DEU
"Miranda IM" = Miranda IM 0.9.10
"mIRC" = mIRC
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Testversion)
"Mobile Partner" = Mobile Partner
"MozBackup" = MozBackup 1.4.9
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 2.0
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSDN Library für Visual Studio 2005 - Deutsch" = MSDN Library für Visual Studio 2005 - Deutsch
"MultipleIEs_is1" = MultipleIEs
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NHL 2000" = NHL 2000
"NuSphere PhpED_is1" = NuSphere PhpED version 5.0
"OpenAL" = OpenAL
"PHP Documentor_is1" = Php Documentor version 1.3.0 for NuSphere PhpED
"PHP_is1" = php-4.4.6 for NuSphere PhpED
"PHP5_is1" = php-5.2.1 for NuSphere PhpED
"POLYSTYLE_is1" = Polystyle 2.0zo (trial) for NuSphere PhpED
"PuTTY_is1" = PuTTY version 0.60
"QuickPar" = QuickPar 0.9
"Rainbow Sentinel Driver" = Sentinel System Driver
"RMX Automation" = RMX Automation (remove only)
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Soldat_is1" = Soldat 1.4.2
"ST6UNST #1" = bbkCANCtrl
"ST6UNST #2" = bbkCANCtrl (c:\develop\CAN\CANio\activex\vb6\)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"TortoiseCVS_is1" = TortoiseCVS 1.10.9
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.8a
"Wascana C/C++ IDE for Windows" = Wascana C/C++ IDE for Windows
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.9
"xampp" = XAMPP 1.5.3a
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"QLandkarte GT" = QLandkarte GT (remove only)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.08.2008 06:13:53 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 31.08.2008 14:48:14 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 31.08.2008 16:02:21 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 01.09.2008 03:15:25 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 03.09.2008 05:03:33 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 04.09.2008 05:01:16 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 04.09.2008 15:45:29 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 04.09.2008 17:03:51 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
[ OSession Events ]
Error - 09.07.2008 07:10:11 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2796
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 16.07.2008 16:01:50 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 496 seconds with 420 seconds of active time. This session ended with a crash.
Error - 25.02.2010 05:57:44 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 60 seconds with 0 seconds of active time. This session ended with a crash.
Error - 03.03.2010 14:37:51 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 961
seconds with 480 seconds of active time. This session ended with a crash.
Error - 04.04.2010 09:17:16 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2224 seconds with 1380 seconds of active time. This session ended with a
crash.
Error - 18.08.2010 05:40:26 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 246250
seconds with 9840 seconds of active time. This session ended with a crash.
Error - 14.10.2010 09:24:36 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 163599
seconds with 7620 seconds of active time. This session ended with a crash.
Error - 02.11.2010 15:11:17 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 302031
seconds with 9840 seconds of active time. This session ended with a crash.
Error - 06.11.2010 16:53:38 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79925
seconds with 3000 seconds of active time. This session ended with a crash.
Error - 11.11.2010 02:38:31 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52380
seconds with 4260 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14.11.2010 10:41:32 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7026
Description =
Error - 14.11.2010 10:41:32 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7001
Description =
Error - 14.11.2010 11:04:23 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7026
Description =
Error - 14.11.2010 11:04:23 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7001
Description =
Error - 14.11.2010 11:06:11 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7009
Description =
Error - 14.11.2010 11:20:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description =
Error - 14.11.2010 11:20:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description =
Error - 14.11.2010 11:27:01 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7031
Description =
Error - 14.11.2010 12:11:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description =
Error - 14.11.2010 12:35:11 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7031
Description =
< End of report >
Geändert von Jonas66 (14.11.2010 um 22:11 Uhr) Grund: ergänzende Information |
| Themen zu ThinkPoint vollständig entfernt? |
| 0x00000001, 32 bit, ad-aware, ad.yieldmanager, antivir, avgntflt.sys, avira, backdoor.gbot, blockiert, bonjour, browser, computer, corp./icp, dropbox, dwm.exe, entfernen, entfernt?, error, excel, firefox, firefox.exe, flash player, free download, funktioniert nicht mehr, google, google earth, hijack.shell, home, home premium, iastor.sys, iexplore.exe, install.exe, joke.stressreducer, location, logfile, malware.packer, microsoft office word, nvstor.sys, oldtimer, otl logfile, otl.exe, plug-in, programdata, pup.keylogger, saver, scan, sched.exe, searchplugins, security, senden, shell32.dll, skype.exe, software, start menu, studio, symantec, teamspeak, thinkpoint, tower, updates, visual studio, vlc media player, windows, windows updates |
Baum-Darstellung