
Pests of all kinds and how to combat them: Windows Recovery: Desktop problems after removal with Malwarebytes and OTL


 
15.04.2011, 21:07   #1
alohawhite
 



Hello experts,

I caught "Windows Recovery" and luckily found your post on removing it here in the forum (http://www.trojaner-board.de/96741-w...entfernen.html).

I proceeded as you describe there (using Malwarebytes), except that I did not run OTHelper, because after the restart Windows Recovery no longer showed up. However, the screen was black, all files and shortcuts except the Recycle Bin were gone, and the Quick Launch bar is missing as well.

After an OTL scan as you describe (http://www.trojaner-board.de/85104-o...-oldtimer.html), at least the files and shortcuts are back on the desktop. My user account also looks the way it used to again. The background image is still missing, and all files and shortcuts on the desktop as well as my data in my user account appear the way hidden data normally does ("milky"). Only the malware shortcut on the desktop is normal. For almost all of them, "hidden" is enabled under Properties. I disabled it on a few as a test - some look "normal" again, some do not...

Finally, I just noticed that I still have a "Windows Recovery" shortcut on the desktop. It is linked to the file "C:\ProgramData\47374088.exe". That file actually still exists - but as far as I can tell not as an .exe, but without an extension. There are also two similar files in the folder: "~47374088" and "~47374088r"

I have 2 questions:
- Is my system "clean" again?
- What can I do so that the data on the desktop and in my account look proper again?

Attached are the logs from Malwarebytes and 2x OTL

Thank you very much in advance for your help. The two posts cited above alone kept me from having a heart attack :-)! You are doing a great job!

######################
Malwarebytes
######################
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6368

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15.04.2011 19:36:09
mbam-log-2011-04-15 (19-36-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 425552
Laufzeit: 3 Stunde(n), 23 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XjFfFSETuJNIM (Trojan.Agent) -> Value: XjFfFSETuJNIM -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\xjfffsetujnim.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Local\Temp\wsecxmoanr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Local\Temp\err.log17055667 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Roaming\Adobe\plugs\kb17058912.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Roaming\Adobe\plugs\kb17059114.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Roaming\Adobe\plugs\kb17059426.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


########################
OTL.txt
########################
OTL Logfile:
OTL logfile created on: 15.04.2011 20:19:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,97 Gb Total Space | 19,23 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Drive D: | 110,94 Gb Total Space | 13,48 Gb Free Space | 12,15% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\lxeacoms.exe ( )
PRC - C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Programme\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Programme\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Sitecom\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\ThreatFire\TFWAH.dll (PC Tools)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( )
SRV - (lxeaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe ()
SRV - (sesvc) -- C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Realtek11nSU) -- C:\Programme\Sitecom\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (emAudio) -- C:\Windows\System32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (DCamUSBEMPIA) -- C:\Windows\System32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\Windows\System32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\Windows\System32\drivers\emScan.sys (eMPIA Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:7.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.02.28 19:44:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 00:12:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 00:12:04 | 000,000,000 | ---D | M]
 
[2008.11.14 19:02:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.04.14 22:31:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions
[2011.03.07 21:38:24 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.07 21:38:25 | 000,000,000 | -H-D | M] (Hyperwords) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2011.03.07 21:38:24 | 000,000,000 | -H-D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011.03.07 21:38:37 | 000,002,884 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\m7az4pnm.default\searchplugins\hyperwords.xml
[2010.06.04 12:40:51 | 000,001,330 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\m7az4pnm.default\searchplugins\wikipedia-en.xml
[2010.12.26 16:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.04 10:12:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.26 09:04:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.11.17 11:14:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008.12.03 19:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.08 22:58:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.20 20:29:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.26 18:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.01 20:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.06.04 10:12:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.26 09:04:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.02.28 19:44:29 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.14 20:32:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.14 20:32:44 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.14 20:32:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.14 20:32:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.14 20:32:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.04 20:52:09 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 87.238.137.85 www.fc-bayern.de
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &NeoTrace It! - C:\Programme\NeoTrace Express\NTXcontext.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: coupe.de ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.87 62.109.123.6 213.191.92.86
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.13 20:40:48 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\Shell - "" = AutoRun
O33 - MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4667081a-9c8d-11de-8dfe-001dba815c64}\Shell\AutoRun\command - "" = F:\filmstart.bat
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck turegopt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.15 20:17:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.15 15:19:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.04.15 15:19:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.15 15:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 15:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 15:18:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.15 15:18:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.15 14:24:02 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.01 20:53:42 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.03.24 21:03:46 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.24 21:03:46 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.12.04 19:16:09 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2010.12.04 19:10:52 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2010.12.04 19:10:52 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll
[2010.12.04 19:10:52 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2010.12.04 19:10:51 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2010.12.04 19:10:51 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2010.12.04 19:10:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2010.12.04 19:10:51 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2010.12.04 19:10:50 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2010.12.04 19:10:50 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
[2010.12.04 19:10:49 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2010.12.04 19:10:49 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
[2010.12.04 19:10:49 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
[2010.12.04 19:10:48 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
[2 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.15 20:17:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.15 19:57:01 | 000,001,122 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003UA.job
[2011.04.15 19:51:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.15 19:47:41 | 000,702,080 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.15 19:47:41 | 000,648,372 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.15 19:47:41 | 000,155,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.15 19:47:41 | 000,127,068 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.15 19:41:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.15 19:41:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 19:41:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 19:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.15 15:19:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 15:10:28 | 001,006,778 | -H-- | M] () -- C:\Users\****\Desktop\hallo.exe
[2011.04.15 15:04:56 | 001,006,778 | -H-- | M] () -- C:\Users\****\Desktop\rkill.com
[2011.04.15 14:38:50 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~47374088
[2011.04.15 14:38:49 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~47374088r
[2011.04.15 14:37:31 | 000,000,392 | -H-- | M] () -- C:\ProgramData\47374088
[2011.04.15 14:24:03 | 000,000,583 | -H-- | M] () -- C:\Users\****\Desktop\Windows Recovery.lnk
[2011.04.15 14:10:06 | 000,223,744 | -H-- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 14:09:56 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.04.15 14:09:34 | 000,004,082 | -H-- | M] () -- C:\Users\****\Desktop\1426 Bewerberliste(2).zip
[2011.04.14 20:57:02 | 000,001,070 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003Core.job
[2011.04.11 18:41:58 | 000,042,704 | -H-- | M] () -- C:\Users\****\Desktop\Übung Beispielem.pdf
[2011.03.27 11:45:12 | 000,002,032 | -H-- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2011.03.27 10:04:55 | 000,001,785 | -H-- | M] () -- C:\Users\****\Desktop\Avira DE-Cleaner.lnk
[2011.03.19 15:11:39 | 000,781,275 | -H-- | M] () -- C:\Users\****\ROPO in der Reisebranche - Eine Analyse des Kaufverhaltens in der Touristik.pdf
[2011.03.16 20:56:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.15 15:19:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 15:10:18 | 001,006,778 | -H-- | C] () -- C:\Users\****\Desktop\hallo.exe
[2011.04.15 15:04:40 | 001,006,778 | -H-- | C] () -- C:\Users\****\Desktop\rkill.com
[2011.04.15 14:38:49 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~47374088r
[2011.04.15 14:38:49 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~47374088
[2011.04.15 14:24:03 | 000,000,583 | -H-- | C] () -- C:\Users\****\Desktop\Windows Recovery.lnk
[2011.04.15 14:23:40 | 000,000,392 | -H-- | C] () -- C:\ProgramData\47374088
[2011.04.15 14:09:34 | 000,004,082 | -H-- | C] () -- C:\Users\****\Desktop\1426 Bewerberliste(2).zip
[2011.04.11 18:41:48 | 000,042,704 | -H-- | C] () -- C:\Users\****\Desktop\Übung Beispielem.pdf
[2011.04.01 20:52:34 | 000,001,122 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003UA.job
[2011.04.01 20:52:33 | 000,001,070 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003Core.job
[2011.03.27 10:04:55 | 000,001,785 | -H-- | C] () -- C:\Users\****\Desktop\Avira DE-Cleaner.lnk
[2011.03.19 15:11:39 | 000,781,275 | -H-- | C] () -- C:\Users\****\ROPO in der Reisebranche - Eine Analyse des Kaufverhaltens in der Touristik.pdf
[2010.12.04 19:16:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2010.12.04 19:16:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2010.12.04 19:15:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2010.12.04 19:15:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2010.12.04 19:13:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEAPMON.DLL
[2010.12.04 19:13:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEAFXPU.DLL
[2010.12.04 19:13:01 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEAoem.dll
[2010.12.04 19:11:08 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
[2010.12.04 19:10:53 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
[2010.12.04 19:10:50 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2010.12.04 19:10:50 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2010.12.04 19:10:50 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2010.12.04 19:10:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2010.12.04 19:10:49 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2010.12.04 19:10:49 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2010.12.04 19:10:49 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2010.12.04 19:10:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2010.12.04 19:09:00 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
[2010.12.04 19:08:59 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2010.06.15 00:15:55 | 000,495,104 | ---- | C] () -- C:\Windows\System32\CBPRED.DLL
[2010.06.15 00:15:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\paradise.dll
[2009.12.09 21:31:19 | 000,025,773 | -H-- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png
[2009.08.19 09:59:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.19 09:59:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.13 20:40:48 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2009.08.13 20:40:48 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2009.08.13 20:40:48 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2009.08.13 20:40:48 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2009.08.13 20:40:48 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2009.01.19 18:02:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.01.07 09:22:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.01.07 09:21:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.12.20 23:32:16 | 000,000,074 | -H-- | C] () -- C:\Windows\tm.ini
[2008.12.03 15:12:25 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll
[2008.12.03 15:12:25 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll
[2008.12.03 15:12:25 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll
[2008.12.03 15:09:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.12.03 15:09:11 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.11.30 22:17:58 | 000,037,376 | ---- | C] () -- C:\Windows\unlite.exe
[2008.11.25 18:05:04 | 000,695,578 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2008.11.25 18:05:04 | 000,001,072 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2008.11.17 13:21:20 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ldf252.dll
[2008.11.17 12:38:31 | 000,230,377 | ---- | C] () -- C:\Windows\System32\XXCOPY16.EXE
[2008.11.15 16:02:07 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.11.15 15:39:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.14 19:23:01 | 000,223,744 | -H-- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.14 19:12:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.14 18:57:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.14 18:15:12 | 000,002,032 | -H-- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2008.08.09 14:10:45 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.07.10 21:07:09 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.07.10 21:07:09 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008.07.10 21:07:08 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.10 21:07:08 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.07.10 21:07:08 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.07.10 21:07:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.10 21:07:08 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.07.10 21:07:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.07.10 21:04:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.10 11:22:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.17 10:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.01.21 09:15:58 | 000,702,080 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,155,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,846,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,648,372 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,127,068 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2008.12.20 23:38:32 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\AAV
[2008.12.22 18:41:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ACD Systems
[2010.10.17 11:29:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Canon
[2010.06.19 23:45:36 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Decisioneering
[2010.07.26 16:31:19 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Esuwg
[2008.12.17 11:52:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2009.10.13 13:03:20 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Free Monitor for Google
[2008.11.17 16:21:34 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2009.01.07 09:27:07 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MAGIX
[2008.11.23 20:44:24 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\myphotobook
[2009.09.23 13:31:57 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2009.09.10 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2009.12.09 21:31:19 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\PeerNetworking
[2009.08.13 21:02:17 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\proDAD
[2010.12.07 21:00:07 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\S300-S400 Series
[2011.04.15 19:38:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
 
< End of report >
         

##################
Extra.txt
##################
OTL Logfile:
OTL Extras logfile created on: 15.04.2011 20:19:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,97 Gb Total Space | 19,23 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Drive D: | 110,94 Gb Total Space | 13,48 Gb Free Space | 12,15% Space Free | Partition Type: NTFS
 
Computer Name: ****| User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" ()
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01678E37-5E03-4469-A954-C4257FEBAED7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{091CB9E0-F08C-4017-9F2F-740A0E2EE133}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1BA3273B-15F1-409E-AD13-1CF9686E7ECC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3388CA16-8DE7-4A91-8140-95C2D036E316}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{340C600A-EDDF-48DE-85F4-E1C12A1C85CF}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{5175F0C7-75AC-4FD3-BB31-6833C025C9AA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6D9DC392-8865-4182-974B-59A28CFD6FE0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{9D78771D-8DB8-4A06-9331-A98C54CFA63F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A6DA3B37-36FC-4E73-B91B-361D9747EE96}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A8A95C39-7036-42D8-A59B-85C9251D7F1C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AE5EF06A-AB20-4FA7-9BBB-ABEFA6373454}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B4DE46BC-C5D2-4521-B691-040756AA74CA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office12\outlook.exe | 
"{B5E8B9E7-5B64-433E-BB93-1D89EB2743DA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C6E19DBB-D9C2-4584-8E51-F7B8EA68F7EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F693DC77-E1CF-4373-9D3C-5A9FEE4D2B2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FFCE21CE-B5F1-4066-9B51-D29619F9672B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A62BA5-95E9-4D47-BF06-941EC0DD7158}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{01465BDA-1B69-4177-BAD0-C740C2E26CA4}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{04D41C17-CA88-4628-BB7D-C179C87EE51B}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{057A1101-883B-4C7D-9C7D-69A0609AB3CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"{0CC80CC5-08EE-497C-A7FC-EA87F4566DC2}" = protocol=17 | dir=in | app=c:\program files\sitecom\11n usb wireless lan utility\rtwlan.exe | 
"{0F220284-5822-4237-9D86-4B39E70C6DA2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F2F9491-0ECA-4A91-8C68-28309E6EE6F7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1A2C4BF7-0447-4826-BEC9-C2ECB06779A1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | 
"{2410352A-FD27-4443-B7EE-678AD3A4BB19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2E392F43-002E-46FC-8A15-701EFC6C1D1B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | 
"{4140F0F7-F971-4F3C-9968-D8574B8FD836}" = protocol=6 | dir=in | app=c:\program files\sitecom\11n usb wireless lan utility\rtwlan.exe | 
"{52B03D4D-8903-4398-85C3-7F8271C98314}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5444C2D1-4FD1-4166-902F-B30FB581C9CA}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{5693A02F-FA62-4D8F-BACB-8C62921396E5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5A034AA3-F31D-437A-917D-E9A7F4937C93}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5CFA07B2-5F8B-47E0-99DC-D5E17DEBA524}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | 
"{6421A2FD-73E2-47E7-B951-75C5D980EED0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"{65589103-7E29-45CF-AE57-68CC1396BFFB}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{7007E052-88C1-4E42-846A-3840558E2195}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{729BECCB-E36E-4C79-ADD4-68A9A5BDCA4B}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"{746F36C3-51B6-478E-8438-A19E32F81B28}" = protocol=17 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe | 
"{7BF09761-E1B0-468E-80DA-0571AE4AF668}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{7D9A6BC2-7304-4EBD-82B3-8A44615BF353}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"{84669E1F-E2E2-4F35-A2C2-93EC33A8F394}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8A6BF6F2-79B3-46C1-BB6C-0F22A2F54405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A1FFFA66-3DCC-4213-99A0-CE38874F48E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A2FAD5CF-9132-4274-9F41-9898BA1D5182}" = protocol=6 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe | 
"{A7524271-521A-4F3F-9F4C-134DF79E34D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B64C1020-0F62-485C-971B-65EAA3184979}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{BE79C0D1-B39B-4DC0-A3B0-C0FBAC4AF29E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CB2CDB19-9FB5-4E36-A881-40A70F0DEC05}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CE800600-3892-4BD9-9965-0AA29191F4FC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | 
"{D059E94B-4C8B-4F00-A31F-92502BAA66E4}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | 
"{D0EC33B8-442D-42B2-941B-1F5F10191171}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{D55F1F0D-EAC7-47C5-80D9-815132DD5BC3}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | 
"{D72C9EFB-7740-4D86-88A1-6C9E22D272B8}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"{DF93EF1C-5C0B-47D1-BA5A-0ADC506D4EA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E2520143-362F-4838-AD3E-188188DF9C9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"TCP Query User{2792FE20-B3A4-43C8-A823-A91A59581380}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{313EE17F-C5D3-4EF3-B26E-B091F45D0EF1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{7A0CE97F-5175-47CB-9151-903CEF20A878}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{99C6A051-A0F8-4E19-A7D3-8542F1C3BF78}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{B0525753-A312-40FD-8069-2A6E52C7CD1C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{E02AD014-287F-4C93-8715-22EA4F254C43}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | 
"TCP Query User{F60C2386-7D59-4B87-9CE0-6F585B78D7AD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{FF3E360F-84D5-4B6B-BA83-AC80A208578E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{079AF0F3-D1A9-40C1-BC89-7DE95AA7EEBA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{12C275AE-E819-4D5B-AF9D-0159B93CC431}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1A1580D3-4192-4FE2-AF32-E7F2E51998DA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{1BCA717A-804D-453C-AD0C-3F19A8ABDCA0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{6B36687E-A96B-45D2-A4E5-D8EC8168D20A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{848A8198-9161-43B6-A6D9-4CDC354C92D3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{88325290-C5BB-40BC-8A59-CCA40937A6E9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{B1E5D579-A84B-4117-A716-DBA9FC04E569}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0E286BDA-8683-409E-A684-C75FEB1B1965}" = Crystal Ball 7
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}" = PASW Statistics 17.0
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C4F56A2-03D5-441B-B911-EC2604622D58}" = FormsForWeb® Filler
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903A0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99A89BD2-21DF-43EB-9024-9A4040F167F5}" = SPSS 16.0 für Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 11n USB Wireless LAN Driver and Utility
"{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DDC2B636-4F9F-4241-9B15-4DF12C97CF4A}" = Studio 11
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E58A0BB1-1FA1-40DC-AFA4-2C86D0A3B879}" = locr GPS Photo
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ACDSee" = ACDSee
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crystal Ball 2000" = Crystal Ball 2000
"dt icon module" = 
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.1.3.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Updater" = Google Updater
"gtfirstboot Setting Request" = 
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"JDownloader" = JDownloader
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Lynx Web Browser_is1" = Lynx 2.8.5rel.1
"MAGIX Video deluxe silver - BILD.de D" = MAGIX Video deluxe silver - BILD.de 8.0.2.7 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MOOS Project Viewer" = MOOS Project Viewer
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.6
"NeoTrace Express 3.25" = NeoTrace Express 3.25
"Pixelspeed_Layouter" = Pixelspeed Layouter 
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI
"ShadowExplorer_is1" = ShadowExplorer 0.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TopStyle Lite (Version 1.5)" = TopStyle Lite (Version 1.5)
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XXConsole" = XXConsole: Super Console Generator ver 0.93
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2010 14:03:19 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.10.2010 14:03:19 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6365
 
Error - 09.10.2010 14:03:19 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6365
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 896: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 900: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 916: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 912: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 908: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:06:29 | Computer Name = ****| Source = MsiInstaller | ID = 11310
Description = 
 
Error - 10.10.2010 07:11:52 | Computer Name = ****| Source = MsiInstaller | ID = 11310
Description = 
 
[ OSession Events ]
Error - 28.11.2010 08:34:58 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1733
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 28.11.2010 08:35:19 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 30.11.2010 19:21:20 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12908
seconds with 2700 seconds of active time. This session ended with a crash.
 
Error - 02.12.2010 06:17:31 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 16.01.2011 07:58:09 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3469
seconds with 60 seconds of active time. This session ended with a crash.
 
Error - 09.02.2011 19:10:07 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 21.02.2011 18:00:15 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 23.02.2011 17:43:16 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
seconds with 60 seconds of active time. This session ended with a crash.
 
Error - 07.03.2011 04:36:13 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 66871 seconds with 8160 seconds of active time. This session ended with 
a crash.
 
Error - 28.03.2011 13:24:26 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 70
seconds with 0 seconds of active time. This session ended with a crash.
 
[ System Events ]
Error - 15.04.2011 13:38:01 | Computer Name = ****| Source = DCOM | ID = 10010
Description = 
 
Error - 15.04.2011 13:40:58 | Computer Name = ****| Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 15.04.2011 13:41:49 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2011 13:41:49 | Computer Name = ****| Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2011 13:41:49 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2011 14:31:31 | Computer Name = ****| Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2011 14:31:31 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2011 14:31:33 | Computer Name = ****| Source = DCOM | ID = 10005
Description = 
 
Error - 15.04.2011 14:31:33 | Computer Name = ****| Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2011 14:31:33 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         