Pests of all kinds and how to fight them: TR/Kazy.mekml.1, and now what?

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

TR/Kazy.mekml.1, and now what?

Hello, as of today we also have TR/Kazy.mekml.1, and after reading around here a bit, I downloaded OTL and ran a scan. Here are the results:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 21.04.2011 21:05:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe PRC - [2010.09.16 18:36:40 | 000,328,568 | ---- | M] (BitTorrent, Inc.) 
-- C:\Programme\uTorrent\uTorrent.exe PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2010.03.28 21:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Programme\ParetoLogic\FileCure\FileCure.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.17 10:01:48 | 000,366,849 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardgui.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.13 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFME.EXE PRC - [2008.07.21 15:07:44 | 002,752,512 | -H-- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.05.27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) 
-- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe PRC - [2008.02.26 17:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.23 14:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe PRC - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) -- C:\ProgramData\Web.de\adminsvc.exe PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2007.04.10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe PRC - [2006.10.25 00:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe PRC - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe ========== Modules (SafeList) ========== MOD - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services 
(SafeList) ========== SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Programme\iWin Games\iWinTrusted.exe -- (iWinTrusted) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.04.02 03:26:27 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\ProgramData\Web.de\adminsvc.exe -- (AdminSVC) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft 
LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2006.10.27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.10.13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) ========== Driver Services (SafeList) ========== DRV - [2010.01.29 16:16:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.01.29 16:16:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.01.28 22:20:23 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.12.07 21:09:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- 
C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.04.02 03:27:05 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2006.11.06 12:14:10 | 001,119,616 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.10.24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006.10.24 15:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2006.10.24 15:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2006.10.24 15:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2006.10.24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006.10.24 15:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2006.10.20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2008.11.13 21:49:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010.12.27 20:40:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010.09.15 10:49:28 | 000,000,000 | ---D | M] [2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions [2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} [2010.12.19 16:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions [2009.09.26 14:19:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.11.06 23:47:26 | 000,000,000 | -H-D | M] ("I ♥ Miro") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88} [2008.10.30 00:30:26 | 000,000,000 | -H-D | M] (Yahoo! 
Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.12.08 22:56:24 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.01.28 22:21:05 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\DTToolbar@toolbarnet.com [2009.12.08 22:56:44 | 000,000,873 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\conduit.xml [2010.01.28 22:20:55 | 000,002,055 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\daemon-search.xml [2010.12.19 04:48:16 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-1.xml [2008.10.28 23:54:08 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-2.xml [2008.11.24 21:53:42 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-3.xml [2009.10.15 20:04:51 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-4.xml [2008.10.28 19:12:41 | 000,000,962 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin.xml [2008.09.27 14:09:54 | 000,000,273 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\search.xml [2010.11.29 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla 
Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2009.10.02 17:06:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED} [2008.10.29 10:35:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2010.01.17 16:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG [2008.11.13 21:49:39 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX [2009.10.13 19:58:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2009.10.13 19:58:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2009.10.13 19:58:23 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2009.10.13 19:58:24 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2009.10.13 19:58:24 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2009.01.06 21:16:47 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll [2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll [2009.10.13 19:58:31 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.10.13 19:58:31 | 000,001,063 | ---- | 
M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.10.13 19:58:31 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.10.13 19:58:31 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Programme\iWin Games\iWinGamesHookIE.dll (iWin Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [recinfo369] c:\RecInfo\RecInfo.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFME.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk = C:\Programme\GnuPT\WPT\WinPT.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222761945 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell - "" = AutoRun O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell\AutoRun\command - "" = K:\SETUP.EXE -autorun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 21:05:23 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe [2011.04.21 14:18:26 | 000,569,344 | -H-- | C] (WinTrust) -- 
C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.20 01:49:01 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (5) [2011.04.19 22:41:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Rovio [2011.04.19 21:44:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Local\Babylon [2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Babylon [2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon [2011.04.19 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.04.19 17:10:45 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (4) [2011.04.13 18:01:40 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Bookworm Adventures [2011.04.13 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom [2011.04.13 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\RealArcade [2011.04.12 23:55:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.12 23:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.12 23:55:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.12 23:55:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.12 23:55:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.12 23:55:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.12 23:55:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.12 23:55:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.12 23:55:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.12 23:55:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.12 23:55:42 | 000,071,680 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.12 23:55:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.12 23:55:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.12 23:55:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.12 23:55:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.12 23:55:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.12 23:55:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.12 23:55:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.12 23:55:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.12 23:49:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.04.12 23:29:12 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.04.12 23:29:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.12 23:29:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.12 23:29:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.12 23:29:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.12 23:28:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.12 23:28:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.04.12 23:28:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.12 23:28:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.12 23:26:57 | 000,429,056 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.04.12 23:26:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.04.12 23:26:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.04.12 23:26:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2009.01.06 21:16:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 21:19:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.21 21:08:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 21:08:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 21:08:06 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 21:08:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe [2011.04.21 21:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.21 21:04:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job [2011.04.21 21:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 21:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 21:04:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 20:59:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- 
C:\Users\pablo\Desktop\OTL.exe [2011.04.21 14:59:08 | 000,320,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.21 14:18:25 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.21 13:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.21 10:28:01 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2011.04.19 21:45:12 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.04.19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.04.18 22:04:52 | 000,171,520 | -H-- | M] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.18 20:45:57 | 000,017,408 | -H-- | M] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db [2011.04.16 04:25:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2011.04.16 03:41:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job [2011.04.13 18:02:15 | 000,000,772 | -H-- | M] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk [2011.04.13 18:01:40 | 000,000,133 | -H-- | M] () -- C:\Users\pablo\Desktop\Zylom.url [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 21:04:54 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45539080.exe [2011.04.21 14:58:19 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys [2011.04.19 21:44:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.04.13 18:02:15 | 000,000,772 | -H-- | C] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk [2011.04.13 18:01:40 | 000,000,133 | -H-- | C] () -- C:\Users\pablo\Desktop\Zylom.url [2011.04.13 01:14:45 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.15 18:40:24 | 000,050,344 | ---- | C] () -- C:\Programme\Uninstall Mini Balla 
2006.exe [2010.09.13 17:52:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2010.06.27 16:32:50 | 000,017,408 | -H-- | C] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db [2010.03.24 16:43:15 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.03.24 16:43:15 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9E63D8604E.sys [2010.01.29 16:16:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.01.29 16:16:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.10.13 17:28:27 | 000,000,120 | ---- | C] () -- C:\Windows\CMRGDB01.INI [2009.10.13 17:28:23 | 000,004,779 | ---- | C] () -- C:\Windows\CMRGUNST.INI [2009.10.02 17:10:08 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.07 22:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.07 22:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.07 22:33:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.04.16 21:29:32 | 000,000,552 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d8caps.dat [2009.04.16 21:28:04 | 000,001,356 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d9caps.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll 
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.23 12:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.09.10 12:23:50 | 000,000,464 | -H-- | C] () -- C:\Users\pablo\AppData\Roaming\wklnhst.dat [2008.09.09 21:29:05 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI [2008.09.09 21:04:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.09.09 21:04:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.09.09 21:04:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.09.09 21:04:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.09.09 21:04:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.09.09 21:04:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.09.09 21:04:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.09.09 21:04:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.09.09 21:04:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.09.09 21:04:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.09.09 21:04:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- 
C:\Windows\System32\EPPICPresetData_FR.dat [2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.09.09 21:04:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.09.09 21:04:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.09.09 21:04:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.09.09 21:04:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.09.09 16:17:14 | 000,171,520 | -H-- | C] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.30 19:41:07 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 17:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,320,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- 
C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6533A988 @Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8AEA12E8 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A1128200 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:75C2528D @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB79041A @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32758ED6 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCBD0AC7 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6F71E822 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E091E936 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:698B483C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DF236465 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C4870D32 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6B3E318 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F280981 @Alternate Data Stream - 
127 bytes -> C:\ProgramData\TEMP:77CE0242 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:581B0446 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E73AD533 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:77CF9481 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4B970D7A @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:257AC7F8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:98E4FEC6 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F0E52E4F @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F3235B3 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EAD1940E @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B7F727B8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AED4FFF5 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BA6D27E @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F09946C @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FF333535 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:53B47F8A @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFD52482 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2702A8B3 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34B9286E @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6972373C @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93CEB973 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E868CDC2 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CF185254 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:429EC15A @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:24E8169B @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CDCE26D3 < End of 
report >

and here is the second one: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 21:05:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic) Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AAE4AB9-05D7-44F7-9B0F-94249DB8EC47}" = lport=445 | protocol=6 | dir=in | app=system | "{66F7F48E-1EF9-4D99-B1B2-24FF7176F6CC}" = lport=138 | protocol=17 | dir=in | app=system | "{A3C40E56-03E7-4E48-9339-279EA860CFF5}" = rport=139 | protocol=6 | dir=out | app=system | "{B88766C4-751B-4FCF-93D8-CEAE2ABED598}" = rport=137 | protocol=17 | dir=out | app=system | "{CAAE537E-E1F3-4C43-B5E6-D4EE0C4C76B5}" = rport=445 | protocol=6 | dir=out | app=system | "{D4E5EEFA-9CF7-4D84-9AD7-18CC826D3B74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DDDA2D15-314C-4942-9075-B77A7B0C7FDB}" = rport=138 | protocol=17 | dir=out | app=system | "{E97FF89D-EF31-4A14-B0C8-38E644F3B83F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F2734FBB-279B-4F13-B971-F34FE5F0FFAF}" = lport=137 | protocol=17 | dir=in | app=system | "{F4D18BDB-0629-4755-A488-192138FAFE93}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0025EB18-6632-42A0-99C4-0D57BA884102}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0CE7BC3D-84DF-4E14-8137-7A2EED505350}" = protocol=6 | 
dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{2D87E381-7EDF-4B42-B358-6D912B621F97}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{3D1A72F6-2AE0-44FD-AAB7-CB613D487D7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3EE36C16-EE41-4B38-894E-6C55D75850BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4EA490CF-CFDB-495B-A4A1-9773506408B6}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe | "{50E7BB67-AB1D-46A4-AC08-E7FB9962BC77}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{57607F00-89D5-4459-BD1A-8D43E66AA417}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{789A518F-0A1B-4E51-A96B-22B4D951A654}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{7F6C9084-4608-4A81-AF17-4A68B89E051F}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe | "{80616181-E9ED-4D76-906D-971AAB03432F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{843E9780-BBEB-41BC-98C4-D57CDC83A772}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{9563085C-E533-4F12-BDB7-07AD9116B6DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{989D6816-DDA6-4F84-A584-703284E5D44D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AFED63F6-8614-4D9E-99DE-DB673C7F7593}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4732F6A-8916-4F89-87B1-01AD2B12FB4A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B5FFCCCC-584E-40CA-8C99-E09C3049BAD0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{D042E2CF-7CC5-49B9-9A72-A561621E406F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D12973E1-D033-449D-8F90-1FC48BBC8A69}" = 
protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe | "{D29B898F-892B-41B1-901A-BE07D1225A36}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D54450AC-98E8-4FE1-BABB-A4C300379E46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DA3E266F-7B7F-42DC-B7D4-50E139290603}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{E8E5316E-7A42-47D7-A815-FA0C59002F4D}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{F1E87292-7997-4E5B-9B3C-DF51B0C06D9D}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe | "{F56E6D8B-F4C2-407D-915E-F1406C97A293}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{2DCDD54C-BCA3-41F4-9E63-FA9D8F92ADA3}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=6 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe | "TCP Query User{401E4E8D-2292-4C8F-809E-FF311300BE0E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{4CEFCADF-11FD-4990-A01A-165AD7555F83}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{89F323A6-7814-4014-B694-FAFEE8597B45}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{8DC620BA-1A0F-46C5-A13B-C83DD4443E2C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{A0FD5B02-540A-4DEB-822C-62A8C23C940D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{D8711A72-9E5E-44E8-8BED-C725E07B1C64}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E8EE1298-42D7-4E2B-AF43-E7471134FA79}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | "UDP Query User{19C83C63-742B-402B-9658-A60397120121}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{37830EE0-65C7-4235-AE83-29858670C94E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{4945DB64-B1FA-405C-A4DC-47FC398EBB66}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{955C5B4D-0C77-4FAD-BA02-FE0D1BF8D4A9}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{956CF4FC-F375-48CA-BD3C-2A2C49884ABA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{9C6FF2DF-655C-49C8-AA2C-CAD995FAD5DA}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | "UDP Query User{C9D290DB-2C3D-432F-ABED-60704579EEFF}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=17 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe | "UDP Query User{E844DACC-CBB4-4A73-9B47-371E82E06F29}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3 "{0E77B4E0-0D8B-4F93-B419-29CE8498E6B6}" = Simon the Sorcerer - Wer will schon Kontakt? "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{4E5459A7-20FC-44D6-8832-80AE5A8D2B47}_is1" = GnuPT Version 3.6.7 "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox! "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World "{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "10 Days To Save The World" = 10 Days To Save The World (nur deinstallation) "87f22455ae2e457413fab5f880d72f9a" = Bookworm Adventures "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "AlawarGameBox" = Alawar Game Box "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Be A King" = Be A King (nur deinstallation) "BFG-Bookworm Deluxe" = Bookworm Deluxe "BFGC" = Big Fish Games: Game Manager "BFG-Ice Cream Craze - Tycoon Takeover" = Ice Cream Craze: Tycoon Takeover "BGroom" = BGroom "Big Fish Games Center" = Big Fish Games Center (remove only) "Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only) "Boggle_is1" = Boggle "Bookworm Adventures Deluxe" = Bookworm Adventures Deluxe "Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 
2 "Cheatbook 05.2009" = Cheatbook 05.2009 "Coconut Queen" = Coconut Queen (nur deinstallation) "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Dirty Split" = Dirty Split (remove only) "DivX Setup.divx.com" = DivX-Setup "Drakensang_is1" = Drakensang (Patch Version 1.02) "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Eco Rescue: Project Rainforest" = Eco Rescue: Project Rainforest (nur deinstallation) "Epson Printer Software Downloader" = Epson Printer Software Downloader "EPSON PX650 Series" = Druckerdeinstallation für EPSON PX650 Series "EPSON Scanner" = EPSON Scan "Epson Stylus Photo PX650_TX650 Benutzerhandbuch" = Epson Stylus Photo PX650_TX650 Handbuch "Fairy Godmother Tycoon" = Fairy Godmother Tycoon (nur deinstallation) "Farm Frenzy 3" = Farm Frenzy 3 (nur deinstallation) "Farm Frenzy 3 ." = Farm Frenzy 3 . "Farm Frenzy 3 Ice Age 1.00" = Farm Frenzy 3 Ice Age 1.00 "Farm Frenzy: Gone Fishing!" = Farm Frenzy: Gone Fishing! (nur deinstallation) "Farm Mania 2" = Farm Mania 2 (nur deinstallation) "Fever Frenzy" = Fever Frenzy (remove only) "Fiona Finch and the Finest Flowers" = Fiona Finch and the Finest Flowers (nur deinstallation) "Fishdom: Frosty Splash" = Fishdom: Frosty Splash (nur deinstallation) "Free Studio_is1" = Free Studio version 4.2 "GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code) "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "InternetTV_is1" = InternetTV 7.12 "IrfanView" = IrfanView (remove only) "Island Realms" = Island Realms (nur deinstallation) "iWin Toolbar" = iWin Toolbar "iWinArcade" = iWin Games (remove only) "Jewel Quest II" = Jewel Quest II (nur deinstallation) "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Luxor Amun Rising" = Luxor Amun Rising (remove only) "Mah Jong Quest III" = Mah Jong Quest III (nur 
deinstallation) "Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only) "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mini Balla 2006" = Mini Balla 2006 "Mini-Mäuse" = Mini-Mäuse "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20) "My Free Mahjong_is1" = My Free Mahjong "My Tribe" = My Tribe (nur entfernen) "My Tribe 1.00" = My Tribe 1.00 "Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only) "NVIDIA Drivers" = NVIDIA Drivers "Photo Mania" = Photo Mania (nur entfernen) "Picasa 3" = Picasa 3 "Poker Superstars II" = Poker Superstars II (remove only) "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "QuickSFV" = QuickSFV (Remove only) "RealArcade 1.2" = RealArcade "RollerCoaster Tycoon Setup" = Roll "Royal Trouble" = Royal Trouble (nur deinstallation) "Sanitarium" = Sanitarium "SKIP BO Castaway Caper1.0" = SKIP BO Castaway Caper "SKIP¯BO Castaway Caper" = SKIP¯BO Castaway Caper (nur deinstallation) "Sprill & Rithies Adventures In Time" = Sprill & Rithies Adventures In Time (nur deinstallation) "Super Granny 5" = Super Granny 5 (nur deinstallation) "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "Tahiti Hidden Pearls" = Tahiti Hidden Pearls (nur deinstallation) "The Clumsys" = The Clumsys (nur entfernen) "The Enchanting Islands" = The Enchanting Islands (nur deinstallation) "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veoh Web Player Beta" = Veoh Web Player "WEB.DE IE7 Browser Update" = WEB.DE IE7 Browser Update "WinGimp-2.0_is1" = GIMP 2.6.7 "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Farm Frenzy 2 Deluxe" = Farm Frenzy 2 Deluxe "Move Networks Player - IE" = Move Networks Media Player for Internet 
Explorer "SKIP-BO Castaway Caper(TM)" = SKIP-BO Castaway Caper(TM) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.04.2011 04:17:44 | Computer Name = pablo-PC | Source = RasClient | ID = 20227 Description = Error - 20.04.2011 04:19:05 | Computer Name = pablo-PC | Source = RasClient | ID = 20227 Description = Error - 20.04.2011 13:23:50 | Computer Name = pablo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 21.04.2011 02:32:01 | Computer Name = pablo-PC | Source = RasClient | ID = 20227 Description = Error - 21.04.2011 02:33:22 | Computer Name = pablo-PC | Source = RasClient | ID = 20227 Description = Error - 21.04.2011 06:46:36 | Computer Name = pablo-PC | Source = RasClient | ID = 20227 Description = Error - 21.04.2011 06:47:57 | Computer Name = pablo-PC | Source = RasClient | ID = 20227 Description = Error - 21.04.2011 06:49:18 | Computer Name = pablo-PC | Source = RasClient | ID = 20227 Description = Error - 21.04.2011 08:20:09 | Computer Name = pablo-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.6001.19048 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1764 Anfangszeit: 01cbffea8f121339 Zeitpunkt der Beendigung: 19
Error - 21.04.2011 08:55:57 | Computer Name = pablo-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 18.06.2010 14:21:46 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 23.06.2010 07:48:12 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 11.07.2010 08:08:18 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 17.07.2010 03:59:38 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 17.07.2010 13:00:42 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 27.07.2010 17:06:37 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 28.07.2010 17:17:17 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 29.01.2011 08:00:48 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 15.02.2011 05:05:13 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 13.04.2011 15:14:35 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description =
Error - 21.04.2011 08:56:36 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:43 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description =
Error - 21.04.2011 09:04:37 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 21.04.2011 10:29:17 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 21.04.2011 10:36:09 | Computer Name = pablo-PC | Source = DCOM | ID = 10010
Description =
Error - 21.04.2011 15:09:31 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =

< End of report >

Please tell us what we can do with this. Thanks and happy Easter.