| |
| |||||||
Log-Analyse und Auswertung: Werde ich ausspioniert?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.05.2011, 16:56
| #1 |
 |  Werde ich ausspioniert? Hallo zusammen, vermute schon seit längerem, dass ich ausspioniert werde. Die verdächtigte Person hat es nie zugegeben, jedoch Andeutungen gemacht, dass es sein könnte. Außerdem weiß er Dinge über mich, die nur ich wissen kann... Er ist Administrator in einem anderen Forum. Außerdem hatten wir Kontakt per E-Mail und MSN (auch über Webcam-leider!). Bin über jede Hilfe dankbar. Bin echt verzweifelt. Hier sind die Log-Files. Ich hoffe, ich hab alles richtig gemacht. Code:
ATTFilter OTL logfile created on: 06.05.2011 15:47:39 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 34,52 Gb Free Space | 23,96% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 137,86 Gb Free Space | 95,71% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.06 15:12:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.05.02 06:45:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.04.28 14:33:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.26 10:09:16 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.53\GoogleCrashHandler.exe PRC - [2011.03.18 12:45:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.11.16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2010.11.02 18:06:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.05.11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.03 20:28:18 | 000,118,784 | ---- | M] () -- C:\Programme\CPUCooL\CooLSRV.exe PRC - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.12.18 21:05:40 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe PRC - [2008.10.27 13:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe ========== Modules (SafeList) ========== MOD - [2011.05.06 15:12:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2011.01.11 08:55:06 | 000,961,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveUtil.dll MOD - [2010.11.04 20:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2009.12.24 17:48:55 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80DEU.dll MOD - [2009.12.24 17:48:54 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll MOD - [2009.11.11 20:51:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll MOD - [2009.11.11 20:51:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll MOD - [2009.08.02 15:18:37 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.04.11 08:28:20 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL MOD - [2009.04.11 08:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll MOD - [2009.02.12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll MOD - [2008.10.27 13:05:12 | 000,267,824 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\sysenv.dll MOD - [2008.10.27 13:05:12 | 000,121,392 | ---- | M] (EgisTec Inc) -- C:\Programme\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll MOD - [2008.10.27 13:05:10 | 000,121,392 | ---- | M] (EgisTec Inc) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlUI.dll MOD - [2008.10.27 13:05:10 | 000,040,496 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\PSDProtect.dll MOD - [2008.10.27 13:05:08 | 000,092,720 | ---- | M] (Egis Incorporated) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlOP.dll MOD - [2008.10.27 13:05:06 | 000,526,896 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll MOD - [2008.10.27 13:05:04 | 000,530,992 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll MOD - [2008.10.25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveNew.dll MOD - [2008.01.21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008.01.21 04:24:47 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll MOD - [2008.01.21 04:23:54 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.28 14:33:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.18 12:45:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.03 20:28:18 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Programme\CPUCooL\CooLSRV.exe -- (CPUCooLServer) SRV - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.04.30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.12.18 21:05:40 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2008.10.27 13:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2005.07.25 21:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device) ========== Driver Services (SafeList) ========== DRV - [2011.03.18 12:45:47 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 16:41:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.17 12:04:54 | 000,025,088 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\drivers\Wdfex.sys -- (Wdfex) DRV - [2010.11.17 12:04:18 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sffnt.sys -- (sffnt) DRV - [2010.11.17 12:04:12 | 000,518,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rmcast2k.sys -- (rmcast2k) DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.01.03 20:28:18 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp) DRV - [2010.01.03 20:28:18 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiomin.sys -- (ntiomin) DRV - [2009.11.17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.01 01:03:06 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC) DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.04.30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.12.12 21:59:00 | 007,607,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.11.04 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.10.09 17:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.10.09 17:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.10.09 17:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.09.09 21:58:32 | 000,099,216 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.09.05 23:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.25 13:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.03 07:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_5737z IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_5737z IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_5737z IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - prefs.js..network.proxy.ftp: "localhost" FF - prefs.js..network.proxy.ftp_port: 8118 FF - prefs.js..network.proxy.gopher: "localhost" FF - prefs.js..network.proxy.gopher_port: 8118 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 8118 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.13 15:21:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.02 06:45:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 10:54:41 | 000,000,000 | ---D | M] [2009.03.08 22:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.22 19:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cu07pa9n.default\extensions [2010.04.28 02:44:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cu07pa9n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.25 08:39:13 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cu07pa9n.default\extensions\dplauncher@digitalpublishing.de [2011.03.22 22:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.05 19:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- [2010.06.05 19:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.05.02 06:45:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.06.05 19:15:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.06 12:20:44 | 000,000,761 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [LogitechRegisterVideoApplications] File not found O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [SBRegRebootCleaner] File not found O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Vidalia] File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk = C:\Programme\CPUCooL\CPUCooL.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.70.240.53 129.70.182.24 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0d9c2c98-0f18-11de-b985-001eece040a1}\Shell - "" = AutoRun O33 - MountPoints2\{0d9c2c98-0f18-11de-b985-001eece040a1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.06 15:46:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.05.06 15:44:48 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.05.06 15:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.05.06 15:12:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe [2011.05.06 15:12:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.06 15:12:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe [2008.12.12 21:24:21 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2005.07.25 21:31:30 | 001,183,744 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll [2005.07.25 21:27:22 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll [2005.07.25 21:26:58 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll [2005.07.25 21:25:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe [2005.07.25 21:25:26 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll [2005.07.25 21:25:18 | 000,491,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe [2005.07.25 21:24:46 | 000,704,512 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll [2005.07.25 21:24:14 | 000,155,648 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll [2005.07.25 21:19:36 | 001,134,592 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll ========== Files - Modified Within 30 Days ========== [2011.05.06 15:45:05 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.05.06 15:44:49 | 000,000,737 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.05.06 15:44:49 | 000,000,718 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.05.06 15:34:39 | 000,675,784 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.06 15:34:39 | 000,635,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.06 15:34:39 | 000,146,618 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.06 15:34:39 | 000,120,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.06 15:26:56 | 000,135,541 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.06 15:26:56 | 000,135,541 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.06 15:26:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.06 15:26:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.06 15:26:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.06 15:26:16 | 856,346,809 | ---- | M] () -- C:\Windows\System32\trkcache.dll [2011.05.06 15:26:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.06 15:26:08 | 2951,106,560 | -HS- | M] () -- C:\hiberfil.sys [2011.05.06 15:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.06 15:12:50 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe [2011.05.06 15:12:50 | 000,302,080 | ---- | M] () -- C:\Users\***n\Desktop\g2m3e4r.exe [2011.05.06 15:12:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.06 15:12:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe [2011.05.02 18:53:47 | 000,000,600 | ---- | M] () -- C:\Users\***\PUTTY.RND [2011.04.24 10:54:41 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.04.14 08:40:02 | 000,401,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.11 15:50:32 | 013,048,525 | ---- | M] () -- C:\Users\***\Desktop\Weight_Watchers_-_3_Wochen_Plan.pdf ========== Files Created - No Company Name ========== [2011.05.06 15:45:05 | 000,000,917 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.05.06 15:44:49 | 000,000,737 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.05.06 15:44:49 | 000,000,718 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.05.06 15:12:38 | 000,302,080 | ---- | C] () -- C:\Users\***\Desktop\g2m3e4r.exe [2011.04.11 15:49:28 | 013,048,525 | ---- | C] () -- C:\Users\***\Desktop\Weight_Watchers_-_3_Wochen_Plan.pdf [2010.11.23 17:43:27 | 000,000,458 | ---- | C] () -- C:\Windows\hphmdl32.dat.temp [2010.11.18 09:47:33 | 856,346,652 | ---- | C] () -- C:\Windows\System32\trkcache.dll [2010.11.17 19:16:23 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\Wdfex.sys [2010.11.17 19:16:23 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\sffnt.sys [2010.11.17 19:16:22 | 000,518,656 | ---- | C] () -- C:\Windows\System32\drivers\rmcast2k.sys [2010.11.17 19:16:22 | 000,000,032 | ---- | C] () -- C:\Windows\System32\KBDLAcom.dat.dll [2010.11.17 12:10:38 | 003,153,920 | ---- | C] () -- C:\Windows\System32\rassvr.exe [2010.11.17 12:04:54 | 001,094,144 | ---- | C] () -- C:\Windows\System32\icsx86.dll [2010.11.17 12:04:54 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ver32.dll [2010.07.07 00:40:58 | 007,711,503 | ---- | C] () -- C:\Windows\System32\SBSP.dat [2010.07.06 13:29:11 | 000,007,411 | ---- | C] () -- C:\Windows\System32\SBFC.dat [2010.06.27 19:53:50 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI [2010.06.21 16:50:18 | 000,063,488 | ---- | C] () -- C:\Users\***\AppData\Roaming\chrtmp [2010.06.21 16:50:10 | 046,199,808 | ---- | C] () -- C:\Users\***\AppData\Roaming\avira_antivir_premium_en.EXE [2010.06.17 21:06:34 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.03.01 00:40:48 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.01.27 18:52:12 | 000,004,956 | ---- | C] () -- C:\ProgramData\esswogwb.bbd [2010.01.20 16:25:40 | 000,032,337 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2010.01.18 17:31:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.03 20:28:18 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys [2010.01.03 20:28:18 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys [2009.12.26 16:26:11 | 000,007,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.11.06 21:47:03 | 000,014,848 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.26 02:59:38 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.10.26 02:49:09 | 000,000,269 | ---- | C] () -- C:\Windows\WININIT.INI [2009.10.25 22:02:05 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe [2009.10.09 03:07:57 | 000,094,180 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2009.09.10 23:40:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.10 23:40:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.07 22:43:56 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.08 11:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.04.30 17:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\***\drivers\LVPr2Mon.sys [2009.03.12 20:19:09 | 000,004,264 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2009.03.08 22:20:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.01.18 13:15:38 | 000,135,541 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.01.18 13:15:27 | 000,135,541 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.01.18 13:00:14 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.01.18 13:00:14 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe [2009.01.18 13:00:14 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.12.12 21:22:50 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2008.12.12 14:42:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.12.12 14:42:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.12.12 14:02:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2008.12.12 14:02:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.12.12 14:02:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.12.12 14:02:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.12.12 13:11:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.01.21 09:15:58 | 000,675,784 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,146,618 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,401,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,635,778 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,120,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.08.09 07:06:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\lxcginsr.dll [2005.08.09 07:06:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxcgcur.dll [2005.08.09 07:06:36 | 000,126,976 | ---- | C] () -- C:\Windows\System32\lxcgjswr.dll [2005.07.07 11:12:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll [1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll ========== LOP Check ========== [2009.03.08 00:46:33 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.12.12 14:29:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console [2010.05.08 15:02:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2009.06.22 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe_Limited [2010.05.08 20:39:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Clickteam [2009.03.08 00:57:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Datalayer [2009.03.08 22:19:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2009.08.13 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flood Light Games [2009.12.06 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FrmMain [2009.08.13 16:54:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet [2010.03.30 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.03.14 15:31:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2010.02.01 04:30:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\nswb [2011.03.14 15:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.01.20 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2009.03.09 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2010.05.08 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skullbyte [2009.03.08 01:58:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA [2010.05.08 17:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftMaker [2009.03.12 20:19:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.07.04 23:27:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\thecleaner [2010.10.31 17:42:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TypingMaster7 [2011.04.08 11:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2011.05.06 15:25:13 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.04.13 13:19:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.12.20 22:08:17 | 000,000,000 | -H-D | M] -- C:\ACER [2009.03.08 21:17:17 | 000,000,000 | ---D | M] -- C:\ACERSW [2008.12.12 14:51:28 | 000,000,000 | ---D | M] -- C:\book [2009.09.15 04:23:20 | 000,000,000 | -HSD | M] -- C:\Boot [2011.04.26 10:09:32 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.03.08 21:14:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.08.28 00:11:22 | 000,000,000 | -HSD | M] -- C:\found.000 [2008.12.12 14:07:25 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.03.08 22:12:56 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.06 15:44:48 | 000,000,000 | R--D | M] -- C:\Programme [2011.03.13 15:08:38 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.03.08 21:14:27 | 000,000,000 | -HSD | M] -- C:\Programme [2009.12.04 19:29:41 | 000,000,000 | ---D | M] -- C:\savwsa [2010.03.17 19:49:56 | 000,000,000 | ---D | M] -- C:\savw_9_sa [2009.03.08 21:29:38 | 000,000,000 | ---D | M] -- C:\SiteAdvisor [2011.05.06 15:49:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.03.11 19:27:52 | 000,000,000 | ---D | M] -- C:\Temp [2010.04.13 13:18:31 | 000,000,000 | R--D | M] -- C:\Users [2011.05.06 15:46:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 06:32:11 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C99F6ECA @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:4220A65C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:66B13F37 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6152D44C @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2634FC95 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7E95B6FD @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:8303F807 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:05113FB9 @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:F65733F1 < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.05.2011 15:47:39 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 34,52 Gb Free Space | 23,96% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 137,86 Gb Free Space | 95,71% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B25D18-5111-4C6F-BFD9-7C40942CCCC9}" = lport=445 | protocol=6 | dir=in | app=system |
"{33D9AAAF-4C9C-4F61-8C01-A19A4F901712}" = rport=445 | protocol=6 | dir=out | app=system |
"{36B22AED-31FD-4FD6-9F6C-4930DBBC2BB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{662A27FF-E67B-4297-95E0-F6A23EF880E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E7CC4DA-E53E-41DF-8080-E4E9CF306E87}" = lport=137 | protocol=17 | dir=in | app=system |
"{7E9856DF-D427-4AFD-8E99-890A7382928A}" = lport=138 | protocol=17 | dir=in | app=system |
"{7EBF16AD-A5E0-4B2A-B9D4-3988506B22DE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{98E98784-F404-42A1-84B7-8CE6863EE917}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D27B7A3-40E5-4B96-8FDA-389D78F63A38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A2C9BCB5-70DD-469E-97FE-6029BF54283E}" = rport=137 | protocol=17 | dir=out | app=system |
"{A6ADBED8-D28D-4F2A-81CE-5EB09B974C6A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AD5C894B-5738-4E0D-B1F1-D08107310F7C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF062D50-8DE5-43F7-A2E3-6C46D31A58AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CB00CAB6-1799-47CF-90C7-0A32CF1771DC}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0623DA36-3FF1-4501-B28D-4F4DAB9046D6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0789DA1A-0F7E-4F9D-803D-FC5C262DEB26}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0CDC3CE1-8E88-4210-8125-65A1C956DB9F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{0DCA4DDF-70B3-49B1-855E-72F65022E245}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1325DB89-3D3A-42B4-8C4E-C64623401029}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{178A4EFE-592E-4B27-A89D-4B60D73FD840}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1E6D3831-F687-4C68-8657-45C415FCA54F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{204E6FEE-8C69-4274-8309-398ADAA7393E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{3205B093-8A49-47A7-9DCE-278B5D5FD566}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{34457551-F88B-4115-B161-91814B42F9F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{345D70FA-8C72-4CAD-A85B-15062DC509E2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3660279A-F289-42A6-B586-2ACC86F140BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4FA45444-FC1C-446B-88BD-702467D390EF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{522BC05F-739A-4383-956D-F115985347A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{546884CE-9B63-41D0-9C12-C56D65ECE17C}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{64032F33-C6E3-443E-BBBA-1C8735D937CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7053158B-C205-43B0-8049-C4E9BC7B6367}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{750CBC73-F724-4278-9555-C11043B36370}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8135349F-4053-44B1-855D-A84510EE42A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8F87F181-D213-46B4-B95E-72FC40ACED22}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{94888DEE-4D15-4FC9-8EA6-1F2E7DBBCFD6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9BF6F5EF-E724-47D9-BDEB-E32CA4863130}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CA04072-D4AE-48F7-B8AA-A1975D8F3B2D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B0B0F756-D64D-479B-B3C8-F6272DD08D5F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{B737E5B8-BFC5-4F96-8F01-1660C5D7A5D6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{CA105E04-9340-47C0-BE1D-7081708658CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CC641B0A-D41D-4176-9290-765F921AB3F4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1541ADB-00E4-4D0A-8564-B77F1565CACE}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{E1F0F3DA-A0B0-4EB0-B907-67EEBBF5BFC5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{EF2874EE-9906-4070-8422-5D7BC97E15DC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F0F57812-A9F8-4284-96F0-7B3132BE2AD6}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{F3C16E14-FCAE-4FF3-B8DC-BA2FBFB2E428}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F6173754-B0AD-4299-AE04-B7064E676E13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0AE476EF-1794-46F2-BFA3-C8789A2B2464}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{F22FEA7E-CDF9-489E-90A3-FCA08B2585B0}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{1A34F3E4-3524-464F-A448-B6D68465241F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{30F2FB40-813B-4E3C-B6E8-418198134FB0}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}" = Nokia Nseries Video Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}" = Womens Murder Club
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.1
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CPUCooL" = CPUCooL (remove only)
"DivX Setup.divx.com" = DivX-Setup
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.0
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Lexmark 2300 Series" = Lexmark 2300 Series
"LManager" = Launch Manager
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TMM70" = TELL ME MORE
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.05.2011 09:35:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F03E0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000036F0
Cleanup:
0
Error - 06.05.2011 09:35:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F0560 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000004D0
Cleanup:
0
Error - 06.05.2011 09:36:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F03E0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x0000370C
Cleanup:
0
Error - 06.05.2011 09:36:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F0560 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000004D0
Cleanup:
0
Error - 06.05.2011 09:37:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F03E0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x00003730
Cleanup:
0
Error - 06.05.2011 09:37:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F0560 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000004D0
Cleanup:
0
Error - 06.05.2011 09:38:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F03E0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x0000075C
Cleanup:
0
Error - 06.05.2011 09:38:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F0560 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000004D0
Cleanup:
0
Error - 06.05.2011 09:39:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F03E0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x00003748
Cleanup:
0
Error - 06.05.2011 09:39:09 | Computer Name = Computer | Source = ESENT | ID = 624
Description = Windows (3620) Windows: Der Versionsspeicher für Instanz 0 kann nicht
wachsen, weil er Fehler des Typs "Nicht genügend Speicher" vom Betriebssystem empfängt.
Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des
Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis
für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang
durchgeführt wurde. Aktuelle Größe des Versionsspeichers für diese Instanz: 0 MB Maximale
Größe des Versionsspeichers für diese Instanz: 127 MB Globaler vorreservierter Speicher
für alle Versionsspeicher: 0 MB Mögliche lange andauernde Transaktion: Sitzungs-ID:
0x010F0560 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000004D0
Cleanup:
0
[ OSession Events ]
Error - 08.03.2011 06:58:23 | Computer Name = Computer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 06.06.2009 19:03:35 | Computer Name = wonderland-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.201.87.247 für die Netzwerkkarte mit der Netzwerkadresse
001EECE040A1 wurde durch den DHCP-Server 129.70.182.24 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 07.06.2009 04:53:33 | Computer Name = wonderland-PC | Source = HTTP | ID = 15016
Description =
Error - 07.06.2009 04:55:12 | Computer Name = wonderland-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07.06.2009 08:03:28 | Computer Name = wonderland-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.201.87.37 für die Netzwerkkarte mit der Netzwerkadresse
001EECE040A1 wurde durch den DHCP-Server 129.70.182.24 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 07.06.2009 14:23:46 | Computer Name = wonderland-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.201.87.128 für die Netzwerkkarte mit der Netzwerkadresse
001EECE040A1 wurde durch den DHCP-Server 129.70.182.24 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 07.06.2009 20:09:04 | Computer Name = wonderland-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.201.87.182 für die Netzwerkkarte mit der Netzwerkadresse
001EECE040A1 wurde durch den DHCP-Server 129.70.182.24 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 08.06.2009 02:05:39 | Computer Name = wonderland-PC | Source = HTTP | ID = 15016
Description =
Error - 08.06.2009 02:07:20 | Computer Name = wonderland-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.06.2009 06:00:53 | Computer Name = wonderland-PC | Source = HTTP | ID = 15016
Description =
Error - 08.06.2009 06:02:36 | Computer Name = wonderland-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-06 17:07:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000006c Hitachi_ rev.FB4O
Running: g2m3e4r.exe; Driver: C:\Users\***Z~1\AppData\Local\Temp\kxldqpoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\rmcast2k.sys ZwCreateKey [0x901512B9]
SSDT \SystemRoot\system32\drivers\rmcast2k.sys ZwEnumerateKey [0x90151CF9]
SSDT \SystemRoot\system32\drivers\rmcast2k.sys ZwOpenKey [0x9015121A]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 1E9 834B396C 4 Bytes [B9, 12, 15, 90]
.text ntkrnlpa.exe!KeSetEvent + 2FD 834B3A80 4 Bytes [F9, 1C, 15, 90] {STC ; SBB AL, 0x15; NOP }
.text ntkrnlpa.exe!KeSetEvent + 3DD 834B3B60 4 Bytes [1A, 12, 15, 90]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F400340, 0x3F97E7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[15332] ntdll.dll!LdrLoadDll 778093A8 5 Bytes JMP 00A11410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Windows\explorer.exe[15376] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7660B37C 4 Bytes [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs Wdfex.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
| Themen zu Werde ich ausspioniert? |
| 32 bit, alternate, antivir, ausspioniert, autorun, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, cdburnerxp, e-mail, error, excel.exe, fehler, firefox, format, google, google chrome, home, install.exe, intranet, launch, location, locker, logfile, lws.exe, microsoft office word, mozilla, mp3, mywinlocker, ntdll.dll, nvlddmkm.sys, office 2007, oldtimer, picasa, plug-in, popup, realtek, registry, rundll, safer networking, scan, searchplugins, security, security update, skype.exe, software, start menu, vista |
Baum-Darstellung