Log analysis and evaluation: Screen turns bluish, stops responding

Windows 7

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.11.2010, 23:59 | #1

My computer's screen suddenly turns bluish and freezes. I switch it off and restart. Sometimes that works, but the problem comes back fairly quickly. Sometimes 'Startup Repair' appears and after that 'System Restore', and then the machine restarts. But the problem comes back.

Result from HijackThis:

Quote:

I wanted to send this off quickly for now, because I have already tried a few times and the problem occurred again.

Edit: here is the log

Quote:

Many thanks in advance!

Last edited by LunaHH (19.11.2010 at 00:51). Reason: added the Malwarebytes log
19.11.2010, 12:18 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
19.11.2010, 22:07 | #3

By now it also sometimes happens that the screen turns bluish, freezes briefly, and then goes back to normal. Then the taskbar sometimes shows: 'Display driver was restored after an error' (or similar)... but that happens more often.

Here is the log of the full system scan with Malwarebytes:

Quote:

I will post the OTL scan as soon as it is finished. Do I have to tick the boxes for Purity Check and LOP Check for the OTL scan?

Last edited by LunaHH (19.11.2010 at 22:11). Reason: question added
19.11.2010, 22:21 | #4

Here are the results of the scan with OTL

1.log

OTL logfile:

Code:
ATTFilter OTL logfile created on: 19.11.2010 22:15:09 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Media\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 38,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 44,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 457,65 Gb Total Space | 204,07 Gb Free Space | 44,59% Space Free | Partition Type: NTFS Drive D: | 8,11 Gb Total Space | 1,01 Gb Free Space | 12,44% Space Free | Partition Type: NTFS Computer Name: MEDIA-PC | User Name: Media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Media\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclIVTBTSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe () PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe () PRC - C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe () PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\p2phost.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\phonostar\ps_timer.exe (phonostar) PRC - C:\Programme\phonostar\ps_agent.exe (phonostar) PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation.) PRC - C:\VistaOSX09\RKLauncher.exe (RaduKing) PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe () PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
PRC - C:\Windows\vsnpstd.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Media\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Unlocker\UnlockerHook.dll () MOD - C:\VistaOSX09\RKLauncher.dll (RaduKing) ========== Win32 Services (SafeList) ========== SRV - (SNMPTRAPShellHWDetection) -- C:\Windows\System32\12520437s.exe File not found SRV - (PNRPAutoRegWPDBusEnum) -- C:\Windows\System32\amxreadm.exe File not found SRV - (AVK Tuner Service) -- C:\Program Files\G DATA InternetSecurity TotalCare\AVKTuner\AVKTunerService.exe File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY) SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation) SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation) SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation) SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation) SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe () SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe () SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (zlportio) -- C:\Program Files\UltraStar Deluxe\zlportio.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- 
C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys () DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.) DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) 
DRV - (zebrsce) -- C:\Windows\System32\drivers\zebrsce.sys (MCCI) DRV - (zebrmdmc) Sony Ericsson mRouter Port (WDM) -- C:\Windows\System32\drivers\zebrmdmc.sys (MCCI) DRV - (zebrmdm) Sony Ericsson Port (WDM) -- C:\Windows\System32\drivers\zebrmdm.sys (MCCI) DRV - (zebrmdfl) -- C:\Windows\System32\drivers\zebrmdfl.sys (MCCI Corporation) DRV - (zebrbus) -- C:\Windows\System32\drivers\zebrbus.sys (MCCI) DRV - (zebrceb) Sony Ericsson Cable Emulation Bus (WDM) -- C:\Windows\System32\drivers\zebrceb.sys (MCCI) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) 
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (snpstd) -- C:\Windows\System32\drivers\snpstd.sys () DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (BTSERIAL) -- C:\Windows\System32\drivers\btserial.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP0.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = eumex.ip;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.fcstpauli.com/" FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2 FF - 
prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {dc961bb0-dfb2-11dc-95ff-0800200c9a66}:2.20100123 FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22 FF - prefs.js..extensions.enabledItems: {333b42b0-9c75-11db-b606-0800200c9a66}:2.200100126 FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.6.1 FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009.06.16 12:11:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.08.21 14:13:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 07:25:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 07:25:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010.09.27 19:40:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.28 23:45:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.27 19:40:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program 
Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.08.21 14:13:30 | 000,000,000 | ---D | M] [2010.08.23 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Extensions [2010.08.23 16:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.11.19 17:13:29 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions [2010.10.24 10:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010.05.07 19:28:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.22 22:42:46 | 000,000,000 | ---D | M] (PinkHope) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66} [2010.09.12 19:16:45 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2009.08.13 22:15:48 | 000,000,000 | ---D | M] (iFox Graphite) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689} [2010.02.22 22:43:14 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010.09.12 19:16:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.02.22 22:42:44 | 000,000,000 | ---D | M] (PimpZilla) -- 
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66} [2010.07.28 18:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.10.15 10:30:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.02.22 22:42:24 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} [2010.04.15 22:13:29 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2010.02.22 22:42:24 | 000,000,000 | ---D | M] (MidnightFoxy) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66} [2010.09.12 19:16:28 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.02.22 22:43:07 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2009.06.18 15:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009.02.22 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\ChoiceGuard@Microsoft [2010.09.24 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\DTToolbar@toolbarnet.com [2010.05.07 19:28:28 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\firebug@software.joehewitt.com [2010.04.15 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\illimitux@illimitux.net [2010.02.22 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\navertheme@nhncorp.com [2010.10.07 09:16:31 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\personas@christopher.beard [2010.02.22 22:43:04 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\rein@notiz.jp [2010.10.17 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\twitternotifier@naan.net [2010.02.22 22:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions [2010.02.22 
22:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions\CVS [2010.02.22 22:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions [2010.02.22 22:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions\CVS [2010.02.22 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\trx7uk56.default\extensions\navertheme@nhncorp.com\chrome\mozapps\extensions [2009.08.21 11:34:45 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Sunbird\Profiles\qj24zrzn.default\extensions [2010.07.31 19:46:13 | 000,000,881 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\trx7uk56.default\searchplugins\conduit.xml [2010.09.24 14:52:11 | 000,002,059 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\trx7uk56.default\searchplugins\daemon-search.xml [2010.11.19 15:09:27 | 000,000,947 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\trx7uk56.default\searchplugins\icqplugin.xml [2010.11.19 17:13:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.08 13:51:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.02.18 12:10:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\npmozax@real.com [2007.03.02 14:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll [2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2007.01.17 12:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll [2007.07.25 09:51:06 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Programme\Mozilla Firefox\plugins\npigl.dll [2007.09.07 15:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll [2008.06.30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\npOGAPlugin.dll [2009.03.30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npraclient.dll [2007.09.07 14:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll [2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll [2009.10.26 15:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.10.22 11:58:49 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 11:58:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 11:58:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 11:58:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 11:58:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) 
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP0.dll (Conduit Ltd.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Programme\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Programme\PHPNukeDE\tbPHP0.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CCUTRAYICON] File not found O4 - HKLM..\Run: [Device Detection] C:\Program Files\fotokasten comfort\dd.exe File not found O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe (phonostar) O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2008.11.10 16:58:53 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dock.lnk = C:\VistaOSX09\RKLauncher.exe (RaduKing) O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Free YouTube Download - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} hxxp://www.gamehouse.com/realarcade-webgames/weddingdash/WeddingDash.cab (CPlayFirstWeddingDashControl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft 
Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.11 21:35:00 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2faad116-cb84-11dc-a763-001bfce031d0}\Shell - "" = AutoRun O33 - MountPoints2\{2faad116-cb84-11dc-a763-001bfce031d0}\Shell\AutoRun\command - "" = G:\preinst.exe -- File not found O33 - MountPoints2\{f3a98d9d-8efd-11dc-96d1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f3a98d9d-8efd-11dc-96d1-806e6f6e6963}\Shell\AutoRun\command - "" = G:\preinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.19 14:17:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.19 14:17:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.19 14:17:02 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- 
C:\Users\Media\Desktop\mbam-setup.exe [2010.11.19 14:15:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe [2010.11.19 02:59:54 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\2010-11-19 [2010.11.18 23:51:37 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Malwarebytes [2010.11.18 23:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.18 23:50:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.18 23:05:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Media\Desktop\unconfirmed 63978.crdownload [2010.11.16 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Avira [2010.11.12 09:58:33 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.11.12 09:58:33 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.10.27 16:44:35 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.10.27 16:44:34 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.10.27 16:44:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2005.04.21 00:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll [2004.02.16 20:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.19 21:49:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.19 20:49:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.19 20:18:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 20:18:13 | 000,003,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 18:22:18 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.19 18:16:55 | 000,064,687 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.19 18:16:55 | 000,064,687 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.19 18:16:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.19 18:16:35 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys [2010.11.19 18:16:33 | 257,264,167 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.11.19 15:56:56 | 000,626,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.19 15:56:56 | 000,595,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.19 15:56:56 | 000,125,832 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.19 15:56:56 | 000,104,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.19 14:17:31 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.19 14:17:06 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Media\Desktop\mbam-setup.exe [2010.11.19 14:15:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe [2010.11.18 23:05:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Media\Desktop\unconfirmed 63978.crdownload [2010.11.13 11:04:04 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.13 11:04:04 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.11 20:50:12 | 000,025,088 | ---- | M] () -- C:\Users\Media\Desktop\Runde 2 Themen.doc [2010.11.09 20:59:20 | 044,151,368 | ---- | M] () -- C:\Users\Media\Desktop\avira_antivir_personal_de.exe [2010.10.25 21:12:49 | 000,716,768 | ---- | M] () -- C:\Users\Media\Desktop\Pelinka_Grundzüge_Politikwissenschaft.pdf [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.19 14:17:31 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.11 20:50:07 | 000,025,088 | ---- | C] () -- C:\Users\Media\Desktop\Runde 2 Themen.doc [2010.11.09 20:58:01 | 044,151,368 | ---- | C] () -- C:\Users\Media\Desktop\avira_antivir_personal_de.exe [2010.10.25 21:12:45 | 000,716,768 | ---- | C] () -- C:\Users\Media\Desktop\Pelinka_Grundzüge_Politikwissenschaft.pdf [2010.09.24 14:51:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.08.17 20:51:15 | 000,000,011 | ---- | C] () -- C:\Users\Media\AppData\Roaming\NevoSoft Gameslog.txt [2010.07.07 13:44:59 | 000,064,687 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.07.06 13:15:03 | 000,064,687 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.05.20 22:53:27 | 000,000,680 | ---- | C] () -- C:\Users\Media\AppData\Local\d3d9caps.dat [2010.03.09 23:31:55 | 000,017,408 | ---- | C] () -- C:\Users\Media\AppData\Local\WebpageIcons.db [2009.12.24 13:30:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2009.05.27 14:12:34 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.05.27 09:25:32 | 000,012,288 | ---- | C] () -- 
C:\Windows\impborl.dll [2009.02.26 17:08:39 | 000,027,043 | ---- | C] () -- C:\Users\Media\AppData\Roaming\UserTile.png [2009.01.26 18:54:53 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.01.21 20:31:00 | 000,282,606 | ---- | C] () -- C:\Users\Media\AppData\Local\awuag_nav.dat [2009.01.21 20:31:00 | 000,003,266 | ---- | C] () -- C:\Users\Media\AppData\Local\awuag.dat [2009.01.21 20:31:00 | 000,002,220 | ---- | C] () -- C:\Users\Media\AppData\Local\awuag_navps.dat [2009.01.21 17:06:43 | 000,000,641 | ---- | C] () -- C:\Windows\ULEAD32.INI [2009.01.21 17:06:43 | 000,000,087 | ---- | C] () -- C:\Windows\dswplug.ini [2009.01.21 15:04:40 | 000,004,969 | ---- | C] () -- C:\ProgramData\tgioyvlx.pxu [2009.01.21 15:04:20 | 000,000,060 | ---- | C] () -- C:\Windows\IniFile1.ini [2009.01.21 14:47:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.01.02 16:20:08 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI [2008.12.23 23:21:17 | 000,004,757 | ---- | C] () -- C:\Windows\Irremote.ini [2008.11.21 22:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.21 22:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.08.01 14:02:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.07.31 12:16:42 | 000,000,088 | ---- | C] () -- C:\Users\Media\AppData\Local\cxupeads.bat [2008.07.24 13:36:03 | 000,000,417 | ---- | C] () -- C:\Windows\Uninstall Spielesammlung.ini [2008.07.14 09:47:49 | 000,000,364 | ---- | C] () -- C:\Windows\GSHH08.INI [2008.07.14 09:47:07 | 000,000,366 | ---- | C] () -- C:\Windows\retrieve.ini [2008.06.28 13:38:13 | 000,028,672 | ---- | C] () -- C:\Windows\gscr.dll [2008.06.24 11:11:15 | 000,241,897 | ---- | C] () -- C:\Users\Media\AppData\Roaming\mdbu.bin [2008.05.05 17:08:22 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini [2008.04.20 17:53:59 | 000,000,030 | ---- | C] () -- C:\Windows\iedit_.INI [2008.04.11 12:37:21 | 000,000,305 | ---- | C] 
() -- C:\ProgramData\addr_file.html [2008.03.10 22:52:11 | 000,000,067 | ---- | C] () -- C:\Windows\Backup.INI [2008.01.18 23:09:49 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.01.18 23:09:43 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.01.16 15:44:03 | 000,000,174 | ---- | C] () -- C:\Windows\math2003.INI [2008.01.16 15:43:35 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll [2008.01.16 15:43:33 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini [2007.12.27 13:14:25 | 000,020,480 | ---- | C] () -- C:\Windows\System32\PosTickerLib.dll [2007.12.25 22:31:02 | 000,154,262 | ---- | C] () -- C:\Users\Media\AppData\Roaming\NMM-MetaData.db [2007.12.21 00:42:02 | 000,101,376 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.10 17:23:12 | 000,000,912 | ---- | C] () -- C:\Users\Media\AppData\Roaming\wklnhst.dat [2007.11.09 13:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2007.11.09 13:38:11 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS66.DLL [2007.07.25 14:24:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.07.11 21:27:56 | 000,000,311 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2007.07.11 21:09:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll [2007.07.11 21:09:41 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll [2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll [2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll [2007.01.12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2007.01.12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll 
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.06.23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll [2006.05.03 22:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys [2006.02.26 15:08:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2005.12.02 14:14:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll [2005.09.23 13:52:14 | 000,207,872 | ---- | C] () -- C:\Windows\System32\OneWay.dll [2005.09.15 23:40:22 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll [2004.07.26 11:12:00 | 000,166,912 | --S- | C] () -- C:\Windows\System32\lame_enc.dll [2003.01.18 00:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini [2002.10.12 15:41:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2002.06.02 16:05:40 | 000,038,912 | ---- | C] () -- C:\Windows\System32\1Way.dll [2002.05.24 00:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll [2002.05.24 00:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000024.DLL [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.08.31 14:33:58 | 000,425,984 | ---- | C] () -- C:\Windows\System32\VxDMDcDlg.dll ========== LOP Check ========== [2009.07.09 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Alawar [2009.07.09 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Amaranth Games [2010.03.31 16:56:40 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Artisteer [2009.01.12 17:17:08 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ASCOMP Software [2009.06.16 11:20:47 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Ashampoo [2008.12.27 15:35:11 | 000,000,000 | ---D | M] -- 
C:\Users\Media\AppData\Roaming\Ashtons Family Resort [2008.12.08 15:51:00 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\BeachPartyCraze [2008.12.07 14:22:02 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Big Fish Games [2009.06.26 21:33:48 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\BlamGames [2009.07.08 21:11:21 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\blg [2008.11.06 16:33:57 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\BlogDesk [2008.11.02 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\BloodTies [2010.01.12 23:09:41 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\BluetoothDriverInstaller [2009.04.22 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Boolat Games [2010.11.02 11:31:33 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\BSW [2009.02.14 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Canneverbe_Limited [2010.05.12 12:20:08 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Canon [2009.08.11 19:52:56 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\CasualForge [2008.12.07 04:21:42 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\cerasus.media [2008.01.21 15:36:44 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Chicken Chase [2009.06.26 22:24:41 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\CupcakeCafe [2010.09.24 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DAEMON Tools Lite [2009.01.26 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DeepBurner [2010.11.19 17:24:10 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Desktopicon [2010.09.24 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoft [2010.07.28 18:59:15 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers [2008.06.07 14:01:44 | 000,000,000 | ---D | M] -- 
C:\Users\Media\AppData\Roaming\eGames [2009.07.01 09:10:31 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\EleFun Games [2008.07.13 20:05:31 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\everpixx [2008.12.27 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Farm Mania [2010.10.07 14:25:40 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Flood Light Games [2010.09.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Floodlight Games [2008.02.17 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\FloodLightGames [2010.08.17 19:43:06 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\freshgames [2008.07.17 21:55:37 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Friday's games [2009.01.01 17:00:47 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Gaijin Ent [2010.01.03 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Gajim [2010.10.09 12:00:48 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GameHousev1002 [2008.12.27 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GameInvest [2008.12.27 17:58:44 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Gamelab [2010.08.17 17:39:10 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GamesCafe [2008.12.08 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Go Go Gourmet [2010.09.24 17:15:36 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Gogii [2010.07.29 00:03:18 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GrabPro [2010.10.14 17:43:52 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\gtk-2.0 [2010.04.13 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\HdO Adventure [2010.09.23 14:37:24 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\HillStoneAnimationStudios [2008.12.08 18:54:45 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Home Sweet 
Home 2 [2010.05.04 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ICQ [2008.07.17 11:15:44 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\iWinArcade [2007.11.25 22:56:28 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Jane s Hotel [2009.07.05 21:44:06 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Janes_Realty [2008.12.05 18:21:20 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Magic Academy [2008.06.07 13:36:22 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Magic Seeds [2009.07.08 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Meridian93 [2009.12.26 17:03:37 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Merscom [2009.02.08 23:17:07 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\MessengerGadget [2009.01.21 15:07:18 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\MOVAVI [2009.08.20 13:20:42 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\MP3toiPodAudioBookConverter [2008.06.06 12:23:24 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\My Games [2010.08.17 20:51:15 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\NevoSoft Games [2010.08.21 15:02:59 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Nokia [2010.07.28 17:50:42 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Nokia Multimedia Player [2008.01.20 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Oberon Games [2010.04.29 14:16:34 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\OpenCandy [2008.12.12 11:45:32 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Opera [2010.08.31 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Orbit [2008.06.27 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PACE Anti-Piracy [2010.08.21 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PC Suite [2010.04.13 21:34:25 | 000,000,000 | 
2nd log, OTL logfile:
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{9F8CEAD4-1D32-47B1-A6FE-1C9BEE11F241}_is1" = MyYouMusic 2.300 "{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3 "{A6E71574-2126-4E95-816E-32B2411C94BA}" = Ulead MediaStudio Pro 8.0 Testversion "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B73C2FF2-3F2E-4972-B414-BC24024FFDD8}" = ArcSoft Print Creations "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C67F36D2-DE45-40B4-8D87-DF4A66A59532}" = PC Suite for Sony Ericsson "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser 
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D20E73F6-FF41-4318-B23A-FB38FBDB14A4}_is1" = Dart Karaoke Studio CDG "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DB909A1C-B447-428F-8103-E8975BCB99F0}" = ArcSoft RAW Thumbnail Viewer "{DDB263D3-2FD7-47BF-850E-9851EFFF6C6C}" = Sony Ericsson Media Manager 1.1 "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI "{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64 "{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E5AED31E-3474-4C85-B492-42149DE37891}" = MySQL Server 5.0 "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E7EADF4C-C40F-467E-96E3-7E62C9CDC079}" = AquaSoft DiaShow 6 for YouTube "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{E8648296-43A2-47B2-8D23-7654831C99F5}" = Franzis Mathematik Klasse 13 
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EEC002BD-E0FB-46DF-B724-0521A5170E02}" = Virtual Me Character Creator "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F7107906-5D75-438A-BB33-010818834487}" = IKEA HomePlanner Kitchen "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6) "819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows-Treiberpaket - Nokia Modem (08/03/2007 6.84.0.2) "ABC Amber Audio Converter" = ABC Amber Audio Converter "ABIschnitt" = ABIschnitt 9.16 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Alamandi" 
= Alamandi "albelli photo book creator Extra_is1" = albelli photo book creator Extra "Algebrus_is1" = Algebrus 3.1 "AnalogX Vocal Remover" = AnalogX Vocal Remover "Artisteer 2" = Artisteer 2 "Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.30 "Ask Toolbar_is1" = Ask Toolbar "Astra Screen Saver" = Astra Screen Saver Screen Saver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "awuag" = Favorit "BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.1.0 "BFGC" = Big Fish Games: Game Manager "BFG-City Sights - Hello Seattle" = City Sights: Hello Seattle "BFG-Nanny 911" = Nanny 911 "BFG-Public Enemies - Bonnie and Clyde" = Public Enemies: Bonnie and Clyde "BFG-Traumhochzeit Las Vegas" = Traumhochzeit Las Vegas "BSW" = BrettspielWelt "Cake Mania 3 Deluxe" = Cake Mania 3 Deluxe "CAMEL SPLASH ANIMATION win 1280x800" = CAMEL SPLASH ANIMATION win 1280x800 Screen Saver "Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung "CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000 "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CEP - Colour Enable Packages_is1" = CEP - Color Enable Package "CloneDVD2" = CloneDVD2 "Club der Ermittlerinnen 2_is1" = Club der Ermittlerinnen 2 "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "DVDStyler_is1" = DVDStyler v1.7.1 "E.M. Multilayer Image Processing SDK 1.30_is1" = E.M. 
Multilayer Image Processing SDK 1.30 "EA Download Manager" = EA Download Manager "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Farm Frenzy 3 - Russian Roulette Deluxe" = Farm Frenzy 3 - Russian Roulette Deluxe "Farm Frenzy 3: American Pie" = Farm Frenzy 3: American Pie "Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.88 "FotoWorks_is1" = FotoWorks "Franzis Englisch-Sprachkurs 2_is1" = Franzis Englisch-Sprachkurs 2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free FLV Converter_is1" = Free FLV Converter V 6.5 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0 "Free Studio_is1" = Free Studio version 4.8 "Free Video Converter_is1" = Free Video Converter V 1.4 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Führerschein-Trainer" = Führerschein-Trainer "FujiDirekt_is1" = FujiDirekt 2.6 "GameHouse" = GameHouse "Gardenscapes Deluxe" = Gardenscapes Deluxe "Geheime Fälle: Vermisst in Rom" = Geheime Fälle: Vermisst in Rom "GELBESEITEN_HAMBURG_2008" = GelbeSeiten für Hamburg und Umgebung 2008 "GlobFX Space Travel" = GlobFX Space Travel "GNU Backgammon 0.15-stable_is1" = GNU Backgammon 0.15-stable (20061119 code) "GoldWave v5.20" = GoldWave v5.20 "GoldWave v5.23" = GoldWave v5.23 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.0 "ICQToolbar" = ICQ Toolbar "igLoader" = igLoader "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}" = Zoo Empire "InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}" = Veoh Player 
"Intel(R) Configuration Center" = Intel® Viiv™ Software "IsoBuster_is1" = IsoBuster 2.7 "JDownloader" = JDownloader "keinohrhase_screensaver.scr" = keinohrhase_screensaver "LE_CDK" = "Lexikon - Mathematik" = Lexikon - Mathematik "M4P MP3 Converter_is1" = M4P MP3 Converter 1.0 "MAGIX Foto Clinic 4.5 D" = MAGIX Foto Clinic 4.5 (D) "MAGIX Ringtone Maker 2007 silver D" = MAGIX Ringtone Maker 2007 silver 3.1.0.2 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "Mystery P.I. - The New York Fortune Deluxe" = Mystery P.I. - The New York Fortune Deluxe "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "p.i.c.s. Spielesammlung" = p.i.c.s. 
Spielesammlung "PC-Doctor 5 for Windows" = Hardware Diagnose Tools "phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.0 "Photo Pos Pro" = Photo Pos Pro "PhotoMix_is1" = PhotoMix 5.3 "PhotoScape" = PhotoScape "PHPNukeDE Toolbar" = PHPNukeDE Toolbar "Physikus_is1" = Physikus Teil1 ´07 "Picasa 3" = Picasa 3 "Pixelspeed_Layouter" = Pixelspeed Layouter "PokerStars.net" = PokerStars.net "PROSet" = Intel(R) Network Connections Drivers "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "queensberry_scrnsvr_antonella.scr" = queensberry_scrnsvr_antonella ScreenSaver "Quest3D3d Girlz" = 3d Girlz "Q-Xpress Installer" = Q-Xpress Installer 1.1.9 "RealArcade" = RealArcade "RealPlayer 12.0" = RealPlayer "Revo Uninstaller" = Revo Uninstaller 1.83 "Ritter Arthur" = Ritter Arthur "save2pc Light_is1" = save2pc Light 3.32 "Schlag den Raab_is1" = Schlag den Raab "screensaver.scr" = screensaver "SecondLife" = SecondLife (remove only) "Sims2Pack Clean Installer " = Sims2Pack Clean Installer "Sony Ericsson" = Sony Ericsson Symbian 9 Drivers "Spiel Des Lebens" = Spiel Des Lebens "studiVZ Fotobuch" = studiVZ Fotobuch 3.6 "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "Teachmaster 3.9" = Teachmaster 3.9 (nur Entfernen) "tint" = Tint "Trillian" = Trillian "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.7 "Veoh Video Compass" = Veoh Video Compass "VideoDing.0E08E46C2708A370803599BBD111EFCF3D93D696.1" = Video Ding "Videoload Manager" = Videoload Manager 1.0.1545 "VLC media player" = VideoLAN VLC media player 0.8.6f "Vogue Tales Deluxe" = Vogue Tales Deluxe "VSO Image Resizer_is1" = VSO Image Resizer 1.3.3 "WAV to MP3" = WAV to MP3 "WinGimp-2.0_is1" = GIMP 2.4.5 "WinLiveSuite_Wave3" = Windows Live Essentials "Winmail Opener" = Winmail Opener 1.4 "WinRAR archiver" = WinRAR "Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio (3.0.0) Trial Version "Xilisoft DVD Creator" = 
Xilisoft DVD Creator "XP-Games JRE" = XP-Games JRE "Xvid_is1" = Xvid 1.1.3 final uninstall "Zattoo4" = Zattoo4 4.0.5 "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "98bfe35522602320" = DigitalPrintLab 2.0 für printeria Unikatprint "AquaSoft DiaShow 6 for YouTube" = AquaSoft DiaShow 6 for YouTube "Move Media Player" = Move Media Player "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.11.2010 13:23:51 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:51 (OviSuite) - ERROR - MessagesPlugin, Thread GUI, Line 834, .\Application\ItemsView.cpp, CItemsView::getMessageModel(): m_pMsgFilter is NULL. Could not get message model. Error - 19.11.2010 13:23:51 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:51 (OviSuite) - ERROR - MessagesPlugin, Thread GUI, Line 834, .\Application\ItemsView.cpp, CItemsView::getMessageModel(): m_pMsgFilter is NULL. Could not get message model. Error - 19.11.2010 13:23:51 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:51 (OviSuite) - ERROR - MessagesPlugin, Thread GUI, Line 834, .\Application\ItemsView.cpp, CItemsView::getMessageModel(): m_pMsgFilter is NULL. Could not get message model. Error - 19.11.2010 13:23:52 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:52 (OviSuite) - ERROR - CommonUtilities, Thread 6, Line 393, .\Application\platform\win\WindowsNetworkUtils.cpp, CWindowsNetworkUtils::SetNAMProxySettings(): Could not found proxy server for Url! 
Error - 19.11.2010 13:23:54 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:54 (OviSuite) - ERROR - DALService, Thread 7, Line 86, .\Application\AOContactCreateOperation.cpp, CAOContactCreateOperation::run(): DAL failure detected: (101) converted from MPlatform error [-2147467261:UnknownError(80004003)] / Create loop / @ CAOContactCreateOperation::run (.\Application\AOContactCreateOperation.cpp:86) Error - 19.11.2010 13:23:54 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:54 (OviSuite) - ERROR - DALService, Thread 8, Line 86, .\Application\AOContactCreateOperation.cpp, CAOContactCreateOperation::run(): DAL failure detected: (101) converted from MPlatform error [-2147467261:UnknownError(80004003)] / Create loop / @ CAOContactCreateOperation::run (.\Application\AOContactCreateOperation.cpp:86) Error - 19.11.2010 13:23:54 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:54 (OviSuite) - ERROR - DALService, Thread 7, Line 86, .\Application\AOContactCreateOperation.cpp, CAOContactCreateOperation::run(): DAL failure detected: (101) converted from MPlatform error [-2147467261:UnknownError(80004003)] / Create loop / @ CAOContactCreateOperation::run (.\Application\AOContactCreateOperation.cpp:86) Error - 19.11.2010 13:23:54 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:23:54 (OviSuite) - ERROR - CommonWidgets, Thread GUI, Line 491, .\Application\CommonNavigationPane2\CommonNavigationPane.cpp, CCommonNavigationPane::getSelectedIndexes(): Selection model is NULL! Error - 19.11.2010 13:24:01 | Computer Name = Media-PC | Source = OviSuite | ID = 1 Description = 19/11/2010 18:24:01 (OviSuite) - ERROR - CommonWidgets, Thread GUI, Line 491, .\Application\CommonNavigationPane2\CommonNavigationPane.cpp, CCommonNavigationPane::getSelectedIndexes(): Selection model is NULL! 
Error - 19.11.2010 17:12:50 | Computer Name = Media-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.17.3 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 10ec Anfangszeit: 01cb882df370d9f9 Zeitpunkt der Beendigung: 7 [ Media Center Events ] Error - 18.04.2008 16:52:19 | Computer Name = Media-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ OSession Events ] Error - 24.07.2010 17:29:56 | Computer Name = Media-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.11.2010 19:52:44 | Computer Name = Media-PC | Source = WinDefend | ID = 2004 Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %%824 Fehlercode: 0x8050a001 Fehlerbeschreibung: Das Programm kann keine Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Ladende Signaturen: %%825 Ladene Signaturversion: 1.93.1733.0 Ladende Modulversion: 1.1.6301.0 Error - 18.11.2010 19:57:27 | Computer Name = Media-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 19.11.2010 09:06:53 | Computer Name = Media-PC | Source = Service Control Manager | ID = 7026 Description = Error - 19.11.2010 09:10:32 | Computer Name = Media-PC | Source = Service Control Manager | ID = 7022 Description = Error - 19.11.2010 12:33:20 | Computer Name = Media-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "HP" aus. Error - 19.11.2010 13:16:39 | Computer Name = Media-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.11.2010 um 17:59:10 unerwartet heruntergefahren. Error - 19.11.2010 13:19:12 | Computer Name = Media-PC | Source = Service Control Manager | ID = 7026 Description = Error - 19.11.2010 13:20:06 | Computer Name = Media-PC | Source = Service Control Manager | ID = 7009 Description = Error - 19.11.2010 13:20:06 | Computer Name = Media-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.11.2010 13:25:41 | Computer Name = Media-PC | Source = Service Control Manager | ID = 7022 Description = < End of report > |
19.11.2010, 22:41 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen turns bluish, stops responding Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.11 21:35:00 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2faad116-cb84-11dc-a763-001bfce031d0}\Shell - "" = AutoRun
O33 - MountPoints2\{2faad116-cb84-11dc-a763-001bfce031d0}\Shell\AutoRun\command - "" = G:\preinst.exe -- File not found
O33 - MountPoints2\{f3a98d9d-8efd-11dc-96d1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3a98d9d-8efd-11dc-96d1-806e6f6e6963}\Shell\AutoRun\command - "" = G:\preinst.exe -- File not found
[2010.11.18 23:05:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Media\Desktop\unconfirmed 63978.crdownload
[2009.01.21 15:04:40 | 000,004,969 | ---- | C] () -- C:\ProgramData\tgioyvlx.pxu
[2008.07.31 12:16:42 | 000,000,088 | ---- | C] () -- C:\Users\Media\AppData\Local\cxupeads.bat
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:49EB0FDC
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:1CE87230
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AA99C0C
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:453190EC
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:71FA8B7F
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:52E1DB1D
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:9E2BD6A9
@Alternate Data Stream - 72 bytes -> C:\Windows:D08BCD83943D7B2C
@Alternate Data Stream - 314 bytes -> C:\ProgramData\TEMP:6D5196DD
@Alternate Data Stream - 306 bytes -> C:\ProgramData\TEMP:995B275C
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2FF4577A
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:701FCC18
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C0A504B9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B4F0E275
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55C54F7C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:93226FE3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:88698068
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:439E3411
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9857FAE3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:43E95997
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:38E2864F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0DFE2AE1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E66FFABE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9B285B76
@Alternate Data Stream - 1217 bytes -> C:\Users\Media\AppData\Local\VCyCrDYa9lxnPs:VAO9ofoSQb68mfk1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A9364E30
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:72DFB801
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:490BCC52
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E4FCDFD9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E3B5F2D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:33611CFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C74009E5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B093E177
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 1170 bytes -> C:\Program Files\Common Files\System:dz3wYIDkIkzg02uQDsCce0
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FECEF728
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 1167 bytes -> C:\ProgramData\Microsoft:sAK0jw8tvvzd2mILG4LFw
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FDCAE7B5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:87FA5E8A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C928F3BE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:9026FFAC
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:07241935
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:AA004D25
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9EE6560D
@Alternate Data Stream - 1110 bytes -> C:\ProgramData\Microsoft:D95tCDMr7bJ8nBJshuGRmg
@Alternate Data Stream - 1109 bytes -> C:\Users\Media\AppData\Local\Temp:TN4Vr0d8k2vbzYrdUitOdGLx3o9d
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A6346EE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:1037D53D
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:AA37E770
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B268A25C
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A688EF17
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4FE30352
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:3BAD65EA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C7B98566
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:A0C7D68A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C2AD09C0
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:02B823FE
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D708EEF9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:8247A199
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:4AD2C54D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:70E897B5
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
19.11.2010, 23:43 | #6 | |
| Screen turns bluish, stops responding On the first attempt the program crashed. The second time it worked, the computer was restarted, and here is the log: Quote:
|
20.11.2010, 01:33 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen turns bluish, stops responding Quote:
That easily beat my previous record on a customer's PC tenfold! Get ready for a load of CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
20.11.2010, 17:00 | #8 |
| Screen turns bluish, stops responding Here is the ComboFix log: Combofix Logfile: Code:
ATTFilter ComboFix 10-11-19.04 - Media 20.11.2010 15:53:37.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.1228 [GMT 1:00] ausgeführt von:: c:\users\Media\Desktop\confi.exe.exe FW: G DATA Personal Firewall *enabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082} SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Media\AppData\Local\awuag.dat c:\users\Media\AppData\Local\awuag_nav.dat c:\users\Media\AppData\Local\awuag_navps.dat c:\users\Media\AppData\Roaming\Desktopicon c:\windows\system32\2698465061.dat c:\windows\system32\spool\prtprocs\w32x86\CNMPP9Z.DLL . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Boonty Games ((((((((((((((((((((((( Dateien erstellt von 2010-10-20 bis 2010-11-20 )))))))))))))))))))))))))))))) . 2010-11-20 15:10 . 2010-11-20 15:10 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2010-11-20 15:10 . 2010-11-20 15:10 -------- d-----w- c:\users\Gast\AppData\Local\temp 2010-11-19 21:53 . 2010-11-19 21:53 -------- d-----w- C:\_OTL 2010-11-19 21:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C9B3816-A5A1-4ACB-B624-15E2B1BB06CC}\mpengine.dll 2010-11-19 13:17 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-19 13:17 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-18 22:51 . 2010-11-18 22:51 -------- d-----w- c:\users\Media\AppData\Roaming\Malwarebytes 2010-11-18 22:50 . 2010-11-18 22:50 -------- d-----w- c:\programdata\Malwarebytes 2010-11-18 22:50 . 2010-11-19 13:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-16 16:23 . 
2010-11-16 16:23 -------- d-----w- c:\users\Media\AppData\Roaming\Avira 2010-11-12 08:58 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-11-12 08:58 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-11-10 15:19 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2010-10-27 15:44 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-10-27 15:44 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-10-27 15:44 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-13 10:04 . 2010-03-01 00:43 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-13 10:04 . 2010-03-01 00:43 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-10-19 09:41 . 2009-10-02 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-24 13:51 . 2010-09-24 13:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-09-15 03:50 . 2010-07-08 12:51 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-13 13:56 . 2010-10-12 20:11 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-08 17:23 . 2010-10-12 20:09 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-09-08 17:07 . 2010-10-12 20:09 834048 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 15:23 . 2010-10-12 20:09 389632 ----a-w- c:\windows\system32\html.iec 2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-09-06 16:20 . 2010-10-12 20:11 125952 ----a-w- c:\windows\system32\srvsvc.dll 2010-09-06 16:19 . 2010-10-12 20:11 17920 ----a-w- c:\windows\system32\netevent.dll 2010-09-06 13:45 . 2010-10-12 20:11 304128 ----a-w- c:\windows\system32\drivers\srv.sys 2010-09-06 13:45 . 
2010-10-12 20:11 145408 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-09-06 13:45 . 2010-10-12 20:11 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-08-31 15:46 . 2010-10-12 20:10 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-08-31 15:46 . 2010-10-12 20:10 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-08-31 15:44 . 2010-10-12 20:09 531968 ----a-w- c:\windows\system32\comctl32.dll 2010-08-31 13:27 . 2010-10-12 20:10 2038272 ----a-w- c:\windows\system32\win32k.sys 2010-08-26 16:37 . 2010-10-12 20:10 157184 ----a-w- c:\windows\system32\t2embed.dll 2010-08-26 16:33 . 2010-10-27 15:44 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2010-08-26 16:33 . 2010-10-27 15:44 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2010-08-26 16:33 . 2010-10-27 15:44 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2010-08-26 16:33 . 2010-10-27 15:44 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll 2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c9508125-4747-4733-b048-e4b82dc9716d}"= "c:\program files\PHPNukeDE\tbPHP0.dll" [2010-07-29 2515552] [HKEY_CLASSES_ROOT\clsid\{c9508125-4747-4733-b048-e4b82dc9716d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-08-26 08:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}] 2010-07-29 22:56 2515552 ----a-w- c:\program files\PHPNukeDE\tbPHP0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{c9508125-4747-4733-b048-e4b82dc9716d}"= "c:\program files\PHPNukeDE\tbPHP0.dll" [2010-07-29 2515552] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CLASSES_ROOT\clsid\{c9508125-4747-4733-b048-e4b82dc9716d}] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C9508125-4747-4733-B048-E4B82DC9716D}"= "c:\program files\PHPNukeDE\tbPHP0.dll" [2010-07-29 2515552] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CLASSES_ROOT\clsid\{c9508125-4747-4733-b048-e4b82dc9716d}] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "PhonostarAgent"="c:\program files\phonostar\ps_agent.exe" [2007-06-18 98304] "PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2007-06-18 126976] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common 
Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976] "CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304] "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCUTRAYICON"="FactoryMode" [X] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "UnlockerAssistant"="c:\program 
files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-13 281768] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-14 13793824] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-11 202256] "NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-09-06 204680] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] c:\users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dock.lnk - c:\vistaosx09\RKLauncher.exe [2010-4-7 708608] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe 
[2005-12-2 618557] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2340796681-800452247-4030987805-1001] "EnableNotificationsRef"=dword:00000001 R2 gupdate1c9d937315ac003;Google Update Service (gupdate1c9d937315ac003);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 133104] R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696] R2 PNRPAutoRegWPDBusEnum;PNRP-Computernamenveröffentlichungs-Dienst PNRPAutoRegWPDBusEnum;c:\windows\system32\amxreadm.exe [x] R2 SNMPTRAPShellHWDetection;SNMP-Trap SNMPTRAPShellHWDetection;c:\windows\system32\12520437s.exe [x] R3 AVK Tuner Service;AVK Tuner Service;c:\program files\G DATA InternetSecurity TotalCare\AVKTuner\AVKTunerService.exe [x] R3 AVMUNET;Eumex 300 IP;c:\windows\system32\DRIVERS\avmunet.sys [2005-04-18 15104] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-06-17 29192] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-06-17 25480] R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-06-17 20744] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-24 691696] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] S2 AntiVirSchedulerService;Avira AntiVir 
Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-13 135336] S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-11-20 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 09:06] 2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 10:38] 2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 10:38] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mStart Page = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = eumex.ip;*.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Free YouTube Download - c:\users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax FF - ProfilePath - c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\trx7uk56.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.fcstpauli.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q= FF - component: c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\trx7uk56.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll FF - component: c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\trx7uk56.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll FF - component: c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\trx7uk56.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program 
files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\programdata\RealArcade\npraclient.dll FF - plugin: c:\users\Media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\users\Media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKLM-Run-Device Detection - c:\program files\fotokasten comfort\dd.exe HKU-Default-Run-cleansweep.exe - c:\cleansweep.exe\cleansweep.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe AddRemove-awuag - c:\users\media\appdata\local\cxupeads.bat AddRemove-igLoader - c:\program files\igLoader\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-11-20 16:40 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(4448) c:\vistaosx09\RKLauncher.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ger.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\IoctlSvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\OpenOffice.org 2.3\program\soffice.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\OpenOffice.org 2.3\program\soffice.BIN c:\program files\iPod\bin\iPodService.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe c:\program files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe . 
************************************************************************** . Zeit der Fertigstellung: 2010-11-20 16:57:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-11-20 15:57 Vor Suchlauf: 23 Verzeichnis(se), 255.784.882.176 Bytes frei Nach Suchlauf: 32 Verzeichnis(se), 255.417.954.304 Bytes frei - - End Of File - - 1DDFB66ECD1F5E679CB50B5242B1EF46 |
21.11.2010, 10:57 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen turns bluish, stops responding OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post log files in CODE tags |
21.11.2010, 17:33 | #10 |
| Screen turns bluish, stops responding With GMER my PC crashed once. The second time only the program crashed... I downloaded OSAM. When I try to unpack it, the following error message appears: I also can't open the resulting .exe. Once again, thank you very, very much for your help!!! |
21.11.2010, 18:44 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen turns bluish, stops responding Hm, for cases like this I uploaded OSAM here a while back => File-Upload.net - osam.zip
__________________ Please always post log files in CODE tags |
21.11.2010, 19:05 | #12 | |
| Screen turns bluish, stops responding OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:03:26 on 21.11.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Google Inc. Google Chrome 0.0.0.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "btcpl.cpl" - "Broadcom Corporation." - C:\Windows\system32\btcpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Program Files\Sony Ericsson\Mobile4\Mobile Phone Monitor\ecsepm.cpl "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." 
MBRCheck: Quote:
|
21.11.2010, 20:16 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen turns bluish, stops responding Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post log files in CODE tags |