Trojaner-Board


adlerkoko 08.07.2012 16:53

Malware found and it cannot be deleted?
 
Greetings, and who can help?
I am new here, so please forgive my ignorance (I am a relative layman), but I am at a loss. I have installed Malware and it keeps finding the following: -HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace)-
All the other protection programs, ZoneAlarm antivirus/firewall and Microsoft Security, find nothing. Despite repeated scans followed by deletion, it keeps reappearing. I hope someone can help, or I will simply reinstall; is that enough? Thanks in advance, and as I said, I am new here.
Here is the report :confused:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
koko :: KOKO-PC [Administrator]

08.07.2012 16:57:00
mbam-log-2012-07-08 (16-57-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem |

Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227919
Laufzeit: 32 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht

und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

markusg 09.07.2012 16:30

Hi,
1. Open the editor, go to Format, and uncheck word wrap, please.
2. If you do not already have it, please download OTL by OldTimer and save it to your Desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

adlerkoko 10.07.2012 18:17

Thanks for the reply for now. I will get to work, but it may take a while.

markusg 11.07.2012 00:41

Please refrain from such interim posts; since the new posts then get appended to the previous one, I would otherwise always have to look in here for nothing :-)

adlerkoko 11.07.2012 07:53

OTL Logfile:
Code:

OTL logfile created on: 10.07.2012 19:23:41 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\koko\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 33,61% Memory free
3,99 Gb Paging File | 2,34 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,44 Gb Total Space | 47,04 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive D: | 23,34 Gb Total Space | 16,21 Gb Free Space | 69,45% Space Free | Partition Type: FAT32
 
Computer Name: KOKO-PC | User Name: koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.10 19:19:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\koko\Desktop\Desktop\OTL.exe
PRC - [2012.07.09 15:38:09 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.09 15:37:51 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.11 19:03:26 | 005,798,008 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012.05.11 19:00:08 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.05.03 14:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.04.30 21:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.12.13 10:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.02.15 18:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.09 15:38:18 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.09 15:37:51 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.03.09 04:55:56 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2012.07.09 15:38:09 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.24 18:37:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.17 12:44:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Programme\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.03.17 05:39:33 | 000,069,120 | ---- | M] (Google) [Disabled | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [Disabled | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\koko\AppData\Local\Temp\mvd23.sys -- (mvd23)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\koko\AppData\Local\Temp\mdf16.sys -- (mdf16)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.10 19:10:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.04.30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.01.09 18:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.01.09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012.01.09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.12.09 15:27:31 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.07.08 12:00:06 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.05.07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.09 04:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008.04.24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 18:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.01.13 11:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.15 18:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.15 13:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.15 11:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.09.15 09:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.web.de/homehxxp://start.icq.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={0BB596F6-BB22-49A3-8775-1C1EB737F73D}&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&lang=de&ds=od011&pr=sa&d=2012-05-04 08:15:19&v=10.2.0.3&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{11C92E48-4956-4105-8E94-88515993BA06}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=ad47cccf-8441-41e9-a4ca-f572fd14c9ed&apn_sauid=719C709C-8000-4188-BB1B-9BE61182E877
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={0BB596F6-BB22-49A3-8775-1C1EB737F73D}&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&lang=de&ds=od011&pr=sa&d=2012-05-04 08:15:19&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A15FB888-6D18-487F-9C14-0A1A30FDC6F5}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{B2E9C3FE-B89B-45E4-81CA-BD844E5D5774}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{CA7F8405-62F4-4BAA-99C4-DB0586F5D9EC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{D1AE0112-EDA5-4654-933A-F069AA9462F2}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKCU\..\SearchScopes\{F94EFDD1-BE7F-4B66-AFFD-5E7ACADACFE1}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.2.5.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B7661ed75-3f71-4c3e-9998-a9e6b43a6702%7D&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-05-04%2008%3A15%3A19&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.29 01:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.09 17:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 15:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 12:44:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 08:12:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.29 01:04:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 12:44:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 08:12:14 | 000,000,000 | ---D | M]
 
[2010.05.27 17:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\koko\AppData\Roaming\mozilla\Extensions
[2012.07.04 16:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\koko\AppData\Roaming\mozilla\Firefox\Profiles\gpxzfdfv.default\extensions
[2012.06.09 16:10:11 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\koko\AppData\Roaming\mozilla\Firefox\Profiles\gpxzfdfv.default\extensions\ffxtlbr@zonealarm.com
[2012.02.03 16:46:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\koko\AppData\Roaming\mozilla\Firefox\Profiles\gpxzfdfv.default\extensions\toolbar@ask.com
[2011.11.04 17:52:17 | 000,000,933 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\11-suche.xml
[2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\askcom.xml
[2010.08.27 23:04:54 | 000,000,943 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\conduit.xml
[2011.11.04 17:52:18 | 000,002,419 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\englische-ergebnisse.xml
[2011.11.04 17:52:17 | 000,010,525 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\gmx-suche.xml
[2011.03.30 16:27:54 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-1.xml
[2011.06.26 16:18:44 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-10.xml
[2011.08.18 10:00:50 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-11.xml
[2010.07.21 13:46:58 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-2.xml
[2010.09.10 12:56:49 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-3.xml
[2010.10.21 11:36:45 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-4.xml
[2010.10.31 16:47:19 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-5.xml
[2011.03.05 16:55:57 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-6.xml
[2011.03.25 11:20:34 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-7.xml
[2011.03.25 11:24:47 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-8.xml
[2011.04.29 18:31:36 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin.xml
[2011.11.04 17:52:18 | 000,002,457 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\lastminute.xml
[2011.10.01 19:40:26 | 000,005,508 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\webde-suche.xml
[2012.06.07 18:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 17:27:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.02.19 19:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.02.19 19:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2012.06.07 18:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.07 18:30:17 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.06.29 10:39:01 | 000,572,017 | ---- | M] () (No name found) -- C:\USERS\KOKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPXZFDFV.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.17 12:44:38 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 15:37:40 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\koko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib\7.14.1.20074_0\
CHR - Extension: Skype Click to Call = C:\Users\koko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKCU..\Run: [Tabkb] C:\Users\koko\AppData\Roaming\javafree\linktwain.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{729252D1-3936-47DE-8AED-28228B1095C1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{35eeb155-ed71-11de-a354-0016d381dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{35eeb155-ed71-11de-a354-0016d381dfe0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cff46e87-89a1-11de-85f7-0016d381dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{cff46e87-89a1-11de-85f7-0016d381dfe0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fc799a9b-82b6-11de-972e-0016d381dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{fc799a9b-82b6-11de-972e-0016d381dfe0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.10 19:18:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\koko\Desktop\Desktop\OTL.exe
[2012.07.10 19:10:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.09 19:09:30 | 000,000,000 | ---D | C] -- C:\Users\koko\AppData\Roaming\Avira
[2012.07.09 19:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 19:01:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.09 19:01:14 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.09 19:01:14 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 19:01:14 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.09 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.09 19:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.28 09:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Clarus
[2012.06.28 09:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.06.25 16:49:33 | 000,000,000 | ---D | C] -- C:\Users\koko\AppData\Local\Macromedia
[2012.06.21 13:34:26 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 13:34:25 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 13:33:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 13:32:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 13:32:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 13:32:35 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 13:32:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.18 19:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.13 18:34:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.13 18:34:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.13 18:34:07 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.13 18:34:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 18:34:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.13 18:33:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.13 18:33:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.13 18:33:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.13 18:33:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.13 18:33:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.13 18:33:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.13 18:33:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.13 18:33:53 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.13 18:33:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.13 18:33:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.13 18:33:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.13 18:33:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.13 18:33:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.13 18:32:48 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.12 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\koko\AppData\Local\AVG Secure Search
[2009.10.20 20:32:57 | 001,169,736 | ---- | C] (Microsoft Corporation) -- C:\Users\koko\AppData\Roaming\L6H2CKMLTP.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.10 19:37:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.10 19:19:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\koko\Desktop\Desktop\OTL.exe
[2012.07.10 19:10:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.10 18:33:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 18:33:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 18:33:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 19:02:50 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.09 16:26:33 | 000,644,614 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 16:26:33 | 000,609,584 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 16:26:33 | 000,132,934 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 16:26:33 | 000,109,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.09 15:54:26 | 000,003,550 | ---- | M] () -- C:\Users\koko\AppData\Roaming\qwg
[2012.07.06 16:17:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 18:48:24 | 000,012,978 | ---- | M] () -- C:\Users\koko\AppData\Roaming\nvModes.001
[2012.06.28 11:37:38 | 000,433,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.28 09:27:20 | 000,001,623 | ---- | M] () -- C:\Users\koko\Desktop\Desktop\Samsung Drive Manager.lnk
[2012.06.28 09:27:20 | 000,001,605 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
[2012.06.24 18:37:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.24 18:37:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.16 16:57:50 | 054,525,952 | -H-- | M] () -- C:\Users\koko\AppData\Local\wscntfy.exe
[2012.06.16 16:57:50 | 054,525,952 | -H-- | M] () -- C:\Users\koko\AppData\Roaming\lsmass.exe
[2012.06.15 10:46:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 10:46:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 19:02:50 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.04 16:31:38 | 000,003,550 | ---- | C] () -- C:\Users\koko\AppData\Roaming\qwg
[2012.06.28 09:27:20 | 000,001,623 | ---- | C] () -- C:\Users\koko\Desktop\Desktop\Samsung Drive Manager.lnk
[2012.06.28 09:27:20 | 000,001,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
[2012.06.17 13:11:54 | 054,525,952 | -H-- | C] () -- C:\Users\koko\AppData\Roaming\lsmass.exe
[2012.06.17 13:11:50 | 054,525,952 | -H-- | C] () -- C:\Users\koko\AppData\Local\wscntfy.exe
[2012.05.03 09:36:13 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.03.26 13:40:25 | 000,028,259 | ---- | C] () -- C:\Users\koko\AppData\Roaming\adv
[2012.02.23 19:09:30 | 000,000,805 | ---- | C] () -- C:\Users\koko\AppData\Roaming\kokov1.18.0 - Trial version.vbs
[2012.02.02 15:08:10 | 021,175,189 | ---- | C] () -- C:\Users\koko\AppData\Roaming\vlc-1.1.11-win32.exe
[2011.12.12 17:14:55 | 000,622,080 | -HS- | C] () -- C:\Users\koko\ehthumbs_vista.db
[2011.10.09 16:45:45 | 000,000,680 | ---- | C] () -- C:\Users\koko\AppData\Local\d3d9caps.dat
[2011.03.24 12:34:33 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011.03.24 12:34:31 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2011.03.24 12:34:30 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2011.03.24 12:34:30 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2011.03.24 12:34:29 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2011.03.24 12:34:29 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2011.03.24 12:34:29 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2011.03.23 17:25:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.27 15:46:03 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.09.27 15:46:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.23 11:38:42 | 000,000,000 | ---- | C] () -- C:\Users\koko\AppData\Roaming\.NANotifyHere
[2009.07.12 13:54:10 | 000,000,000 | ---- | C] () -- C:\Users\koko\AppData\Roaming\wklnhst.dat
[2009.07.12 11:00:50 | 000,000,298 | ---- | C] () -- C:\Users\koko\koko.lnk
[2009.07.02 16:38:09 | 000,228,352 | ---- | C] () -- C:\Users\koko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.30 23:13:40 | 000,000,092 | ---- | C] () -- C:\Users\koko\AppData\Local\fusioncache.dat
[2009.06.29 21:34:15 | 000,012,978 | ---- | C] () -- C:\Users\koko\AppData\Roaming\nvModes.001
[2009.06.29 21:34:14 | 000,012,978 | ---- | C] () -- C:\Users\koko\AppData\Roaming\nvModes.dat
[2005.04.08 04:16:43 | 000,326,704 | -H-- | C] () -- C:\Users\koko\AppData\Roaming\kokov1.18.0 - Trial versionlog.dat
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.21 12:18:23 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.03.25 15:41:11 | 000,000,000 | -HSD | M] -- C:\AI_RecycleBin
[2011.10.06 18:23:10 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.06.29 21:17:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.30 13:38:44 | 000,000,000 | ---D | M] -- C:\MIR
[2009.07.24 16:28:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.15 18:01:57 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.09 19:01:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.09 19:01:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.06.29 21:17:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2007.03.17 05:52:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.07.10 19:35:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.03.01 21:29:08 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.12 17:04:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.10 18:25:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2012.06.16 16:57:50 | 054,525,952 | -H-- | M] () -- C:\Users\koko\AppData\Local\wscntfy.exe
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.07.02 18:40:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.07.02 18:40:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.07.02 18:40:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.02 18:39:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.07.02 18:39:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.07.02 18:39:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.07.02 19:14:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.07.02 19:14:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.07.02 18:39:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.04.29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_bd7fd3de\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.02 18:07:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.07.02 18:07:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2009.06.29 23:57:16 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009.06.29 23:57:13 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009.06.29 23:57:17 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2009.06.29 23:57:26 | 015,679,488 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2009.06.29 23:57:33 | 010,997,760 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2011.03.10 19:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mfc42.dll
[2008.01.19 09:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
< %USERPROFILE%\*.* >
[2012.03.03 13:34:55 | 000,622,080 | -HS- | M] () -- C:\Users\koko\ehthumbs_vista.db
[2009.07.12 11:00:50 | 000,000,298 | ---- | M] () -- C:\Users\koko\koko.lnk
[2012.07.10 20:48:48 | 004,456,448 | -HS- | M] () -- C:\Users\koko\ntuser.dat
[2012.07.10 20:48:48 | 000,262,144 | -H-- | M] () -- C:\Users\koko\ntuser.dat.LOG1
[2009.06.29 23:09:00 | 000,000,000 | -H-- | M] () -- C:\Users\koko\ntuser.dat.LOG2
[2011.05.15 15:33:10 | 000,000,000 | -H-- | M] () -- C:\Users\koko\NTUSER.DAT_tureg_new.LOG1
[2011.05.15 15:33:10 | 000,000,000 | -H-- | M] () -- C:\Users\koko\NTUSER.DAT_tureg_new.LOG2
[2011.10.06 18:23:36 | 002,621,440 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT_tureg_old
[2012.07.10 18:32:12 | 000,065,536 | -HS- | M] () -- C:\Users\koko\ntuser.dat{327dc644-7ef7-11e0-b64e-806e6f6e6963}.TM.blf
[2012.07.10 18:32:12 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{327dc644-7ef7-11e0-b64e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2011.05.15 19:39:00 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{327dc644-7ef7-11e0-b64e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009.10.26 03:13:22 | 000,065,536 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.10.26 03:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.06.29 23:09:02 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.05.15 15:33:16 | 000,065,536 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{4067d09b-c31b-11de-871c-0016d381dfe0}.TM.blf
[2011.05.15 15:33:16 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{4067d09b-c31b-11de-871c-0016d381dfe0}.TMContainer00000000000000000001.regtrans-ms
[2009.10.28 01:33:02 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{4067d09b-c31b-11de-871c-0016d381dfe0}.TMContainer00000000000000000002.regtrans-ms
[2011.10.09 18:35:29 | 000,065,536 | -HS- | M] () -- C:\Users\koko\ntuser.dat{9343c969-f036-11e0-9e22-806e6f6e6963}.TM.blf
[2011.10.09 18:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{9343c969-f036-11e0-9e22-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2011.10.06 21:40:16 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{9343c969-f036-11e0-9e22-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009.06.30 23:11:51 | 000,000,020 | -HS- | M] () -- C:\Users\koko\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

--- --- ---


I hope this is right.

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 10.07.2012 19:23:41 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\koko\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 33,61% Memory free
3,99 Gb Paging File | 2,34 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,44 Gb Total Space | 47,04 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive D: | 23,34 Gb Total Space | 16,21 Gb Free Space | 69,45% Space Free | Partition Type: FAT32
 
Computer Name: KOKO-PC | User Name: koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C9A7C6-60DC-4E21-A843-4396AB76E2D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{15E093BC-CB13-45BA-8367-FA114ACF4E3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D73CAFB-2486-4E3C-8B22-B5F26125910B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1E095FD7-EE99-4731-AB32-96354955EEF7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{22396B87-72B3-499F-B667-F8DCA86990ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E6F71E7-A460-47AB-82DD-937C43F56E8A}" = rport=445 | protocol=6 | dir=out | app=system |
"{449A334E-EFDB-4414-A4E7-270DFEEC6280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50E4AA3E-511D-493D-A4D7-0DD4E773324B}" = rport=138 | protocol=17 | dir=out | app=system |
"{525CA16D-538D-4416-AC3F-C9C5BCEC1136}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5663512A-63C4-49AF-AD8B-890465A38838}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5960ADF0-8FDD-4BE3-8718-B75DDC8212C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{630C8B80-CFC0-483F-850D-4D8BFBB51940}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6C202C3A-E867-47ED-99B2-6B9D10F59809}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7A2237FF-215A-40C6-AB76-3FD6135CA06C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88CD8517-D870-4092-80FC-CBE7577D7371}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E144217-BC41-41D7-8699-F5B134B526FD}" = lport=10244 | protocol=6 | dir=in | app=system |
"{92B22287-A34A-40CE-901C-4AC2F7BBB503}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B69236D-FFC2-4626-B05F-9323208A483F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6FDFF23-3088-495B-B31E-BE45A9EF9F2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7BC5FA3-C07D-4F7A-810C-FA3EE2715AB8}" = rport=137 | protocol=17 | dir=out | app=system |
"{B8F489D6-FAF7-4081-8863-C77C44914C4E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BBDF7697-C4F2-4980-9500-F7AE235A747E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BDF7414B-D462-4ED0-9E66-C7AB821319DA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C77AB697-7600-4895-9217-3232065FA895}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CBD45DD9-5068-4F69-9F4D-404F7209451D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CC120102-54A4-4F72-B15B-80832B56F195}" = lport=445 | protocol=6 | dir=in | app=system |
"{D2901A47-85B6-41AE-9464-FC52DCA0E0FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7C0EFC9-FFD6-428C-B7C0-F2814388B6C7}" = rport=139 | protocol=6 | dir=out | app=system |
"{D7C1B059-7F39-41B3-9E7B-EE98876F0B45}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E0DEA15D-5A77-4AE9-BFF7-ECFF86AD03DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F149F0AC-83FA-4C1C-89D7-266A2D9FBA94}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F5D77BF5-00C8-4849-863A-6CFC8910C00C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC0AEB51-1151-4E72-81E1-3D447D3603B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0772FED8-4FF9-44AA-A652-C54687ADF9F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0B60022A-DBA3-4600-9286-BA9C32FBC85F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{149F328A-15BE-4C91-8227-604097EE228C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{149F9EA4-8159-463C-96EE-8E5049D19C00}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{18CD464C-4B67-45C6-A093-17F19FCAB008}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DF398E3-7686-4C51-A249-D675BC87FCA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{28CDC4B2-2F72-4812-97AF-0BAB6BA24054}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{2C4CAD1F-B7EC-41C5-B949-C8FCDCCAE564}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{40349BEC-3D1D-4509-B54A-BAC4A144C8A4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{441DD61E-62B1-4701-AF6F-979F9BB8EC80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4D975038-8F3A-4F8E-A979-74E772D35E08}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{55DFF150-0012-4579-B9A3-719030462475}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{56D85DC9-9E3D-4F81-BC8E-315699560FA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5EE8BC53-6A7A-4F35-8C97-0E97DB868A88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{65176B7B-825D-4BA2-93F8-3F7E03B03616}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{7E9BEE50-0D98-436B-BAB9-4F429BE7A6E0}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{7FFE2CCC-0024-4C0B-BA48-7B1427743CB8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87F88E80-E1ED-429B-B529-86E6AC3D683D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A96E87A-4018-4737-AFB3-5804218A7D06}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8C3ACBD4-E528-417E-8C3E-DB62D9C6AA0D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{93AAF8BD-D31C-4190-8357-E500CE13A96F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{999944ED-785D-4664-A520-7D87409ACCE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A016169D-5BEE-421B-8E0E-FB07988ED984}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{A502A3A8-564B-48F7-B8F5-94DDE0AE0BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AC65C952-C236-42ED-91CB-7B9E5956C661}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AEA95535-A543-4F85-9C82-0D3D75ACD894}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{AEA98BB8-5F53-418E-80C3-AD74A91EF2C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{BB0D2312-F31E-4803-9279-C28AFB5C5819}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C346B6A6-650D-4485-AFF3-76904B034A28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C83D9ED7-1D0F-4D49-AE0E-495798ACEF16}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D304B9BE-C129-45A4-9191-5F1F0A2D9AD4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{D3F21E5F-1F40-4BEC-950D-0310ADE21B16}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D43D3D02-06B2-43CF-A00F-4D555B561976}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D9ACC3C3-82E5-4C59-A62A-1D0D578A24FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E335E526-8BB2-4246-8618-5C491436CF84}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{E36B9CC0-60B2-49CF-BAEC-FDD2A4EDE5A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E51C589A-7EB4-4CB2-86CD-477D98F0198A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6DF44BE-455F-4DC6-9018-2C25E180629B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E77A6012-C962-49AF-987D-3191EFA16035}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EA62DC74-E932-4F37-B49D-0F88BB16929A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F0275DD9-890B-4F9E-A401-F1D5C9503F4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{FAF1A26B-90DA-4EE7-B4A7-AF853F2F4411}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{00E6C289-8524-44ED-9B49-8F5B1595987C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{46844920-4621-4A4F-A6C9-B696C203041B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCB52F35-4C56-49F2-A3D6-FDED54B01847}" = pdfforge Toolbar v4.4
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"Das Vermächtnis der Insel 2" = Das Vermächtnis der Insel 2
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SpeedCrunch_is1" = SpeedCrunch 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.1
"WEB.DE Update" = WEB.DE Update
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.02
"XMedia Recode" = XMedia Recode 3.0.9.6
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2011 12:21:33 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:33:54 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 13:24:46 | Computer Name = koko-PC | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 8.2.6.262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: b04  Anfangszeit: 01cc1649012504c6  Zeitpunkt der Beendigung:
 36
 
[ Media Center Events ]
Error - 11.12.2011 06:15:47 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description =
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description =
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description =
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description =
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description =
 
Error - 12.12.2011 11:05:05 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description =
 
Error - 29.12.2011 14:40:43 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description =
 
Error - 03.03.2012 07:05:26 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description =
 
Error - 03.03.2012 07:05:33 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description =
 
Error - 03.03.2012 07:06:42 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description =
 
[ OSession Events ]
Error - 07.02.2011 04:21:25 | Computer Name = koko-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:31:53 | Computer Name = koko-PC | Source = DCOM | ID = 10010
Description =
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

I hope this is right.
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 10.07.2012 19:23:41 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\koko\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 33,61% Memory free
3,99 Gb Paging File | 2,34 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,44 Gb Total Space | 47,04 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive D: | 23,34 Gb Total Space | 16,21 Gb Free Space | 69,45% Space Free | Partition Type: FAT32
 
Computer Name: KOKO-PC | User Name: koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C9A7C6-60DC-4E21-A843-4396AB76E2D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{15E093BC-CB13-45BA-8367-FA114ACF4E3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D73CAFB-2486-4E3C-8B22-B5F26125910B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1E095FD7-EE99-4731-AB32-96354955EEF7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{22396B87-72B3-499F-B667-F8DCA86990ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E6F71E7-A460-47AB-82DD-937C43F56E8A}" = rport=445 | protocol=6 | dir=out | app=system |
"{449A334E-EFDB-4414-A4E7-270DFEEC6280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50E4AA3E-511D-493D-A4D7-0DD4E773324B}" = rport=138 | protocol=17 | dir=out | app=system |
"{525CA16D-538D-4416-AC3F-C9C5BCEC1136}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5663512A-63C4-49AF-AD8B-890465A38838}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5960ADF0-8FDD-4BE3-8718-B75DDC8212C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{630C8B80-CFC0-483F-850D-4D8BFBB51940}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6C202C3A-E867-47ED-99B2-6B9D10F59809}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7A2237FF-215A-40C6-AB76-3FD6135CA06C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88CD8517-D870-4092-80FC-CBE7577D7371}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E144217-BC41-41D7-8699-F5B134B526FD}" = lport=10244 | protocol=6 | dir=in | app=system |
"{92B22287-A34A-40CE-901C-4AC2F7BBB503}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B69236D-FFC2-4626-B05F-9323208A483F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6FDFF23-3088-495B-B31E-BE45A9EF9F2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7BC5FA3-C07D-4F7A-810C-FA3EE2715AB8}" = rport=137 | protocol=17 | dir=out | app=system |
"{B8F489D6-FAF7-4081-8863-C77C44914C4E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BBDF7697-C4F2-4980-9500-F7AE235A747E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BDF7414B-D462-4ED0-9E66-C7AB821319DA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C77AB697-7600-4895-9217-3232065FA895}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CBD45DD9-5068-4F69-9F4D-404F7209451D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CC120102-54A4-4F72-B15B-80832B56F195}" = lport=445 | protocol=6 | dir=in | app=system |
"{D2901A47-85B6-41AE-9464-FC52DCA0E0FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7C0EFC9-FFD6-428C-B7C0-F2814388B6C7}" = rport=139 | protocol=6 | dir=out | app=system |
"{D7C1B059-7F39-41B3-9E7B-EE98876F0B45}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E0DEA15D-5A77-4AE9-BFF7-ECFF86AD03DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F149F0AC-83FA-4C1C-89D7-266A2D9FBA94}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F5D77BF5-00C8-4849-863A-6CFC8910C00C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC0AEB51-1151-4E72-81E1-3D447D3603B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0772FED8-4FF9-44AA-A652-C54687ADF9F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0B60022A-DBA3-4600-9286-BA9C32FBC85F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{149F328A-15BE-4C91-8227-604097EE228C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{149F9EA4-8159-463C-96EE-8E5049D19C00}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{18CD464C-4B67-45C6-A093-17F19FCAB008}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DF398E3-7686-4C51-A249-D675BC87FCA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{28CDC4B2-2F72-4812-97AF-0BAB6BA24054}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{2C4CAD1F-B7EC-41C5-B949-C8FCDCCAE564}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{40349BEC-3D1D-4509-B54A-BAC4A144C8A4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{441DD61E-62B1-4701-AF6F-979F9BB8EC80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4D975038-8F3A-4F8E-A979-74E772D35E08}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{55DFF150-0012-4579-B9A3-719030462475}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{56D85DC9-9E3D-4F81-BC8E-315699560FA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5EE8BC53-6A7A-4F35-8C97-0E97DB868A88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{65176B7B-825D-4BA2-93F8-3F7E03B03616}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{7E9BEE50-0D98-436B-BAB9-4F429BE7A6E0}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{7FFE2CCC-0024-4C0B-BA48-7B1427743CB8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87F88E80-E1ED-429B-B529-86E6AC3D683D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A96E87A-4018-4737-AFB3-5804218A7D06}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8C3ACBD4-E528-417E-8C3E-DB62D9C6AA0D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{93AAF8BD-D31C-4190-8357-E500CE13A96F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{999944ED-785D-4664-A520-7D87409ACCE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A016169D-5BEE-421B-8E0E-FB07988ED984}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{A502A3A8-564B-48F7-B8F5-94DDE0AE0BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AC65C952-C236-42ED-91CB-7B9E5956C661}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AEA95535-A543-4F85-9C82-0D3D75ACD894}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{AEA98BB8-5F53-418E-80C3-AD74A91EF2C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{BB0D2312-F31E-4803-9279-C28AFB5C5819}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C346B6A6-650D-4485-AFF3-76904B034A28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C83D9ED7-1D0F-4D49-AE0E-495798ACEF16}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D304B9BE-C129-45A4-9191-5F1F0A2D9AD4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{D3F21E5F-1F40-4BEC-950D-0310ADE21B16}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D43D3D02-06B2-43CF-A00F-4D555B561976}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D9ACC3C3-82E5-4C59-A62A-1D0D578A24FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E335E526-8BB2-4246-8618-5C491436CF84}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{E36B9CC0-60B2-49CF-BAEC-FDD2A4EDE5A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E51C589A-7EB4-4CB2-86CD-477D98F0198A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6DF44BE-455F-4DC6-9018-2C25E180629B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E77A6012-C962-49AF-987D-3191EFA16035}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EA62DC74-E932-4F37-B49D-0F88BB16929A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F0275DD9-890B-4F9E-A401-F1D5C9503F4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{FAF1A26B-90DA-4EE7-B4A7-AF853F2F4411}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{00E6C289-8524-44ED-9B49-8F5B1595987C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{46844920-4621-4A4F-A6C9-B696C203041B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCB52F35-4C56-49F2-A3D6-FDED54B01847}" = pdfforge Toolbar v4.4
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"Das Vermächtnis der Insel 2" = Das Vermächtnis der Insel 2
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SpeedCrunch_is1" = SpeedCrunch 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.1
"WEB.DE Update" = WEB.DE Update
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.02
"XMedia Recode" = XMedia Recode 3.0.9.6
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2011 12:21:33 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:33:54 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 13:24:46 | Computer Name = koko-PC | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 8.2.6.262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: b04  Anfangszeit: 01cc1649012504c6  Zeitpunkt der Beendigung:
 36
 
[ Media Center Events ]
Error - 11.12.2011 06:15:47 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description =
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description =
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description =
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description =
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description =
 
Error - 12.12.2011 11:05:05 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description =
 
Error - 29.12.2011 14:40:43 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description =
 
Error - 03.03.2012 07:05:26 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description =
 
Error - 03.03.2012 07:05:33 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description =
 
Error - 03.03.2012 07:06:42 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description =
 
[ OSession Events ]
Error - 07.02.2011 04:21:25 | Computer Name = koko-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:31:53 | Computer Name = koko-PC | Source = DCOM | ID = 10010
Description =
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

markusg 11.07.2012 17:54

hi

This script, and any scripts that may follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [Tabkb] C:\Users\koko\AppData\Roaming\javafree\linktwain.exe ()
 :Files
C:\Users\koko\AppData\Roaming\javafree
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload went through without problems. Thanks in advance :)

adlerkoko 12.07.2012 08:47

It worked on the 2nd attempt (it was my mistake, I renamed the txt file after saving) and no restart was necessary or requested. Until my device is clean: for now, just thanks!!!

markusg 12.07.2012 18:46

hi
don't upload the txt, but the moved files

adlerkoko 13.07.2012 10:26

Lord, forgive my ignorance and dilettantism.

markusg 13.07.2012 10:33

I'll get over it :d
thanks for uploading
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. These can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

adlerkoko 13.07.2012 13:01

Combofix Logfile:
Code:

ComboFix 12-07-13.01 - koko 13.07.2012  13:29:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1918.1081 [GMT 2:00]
ausgeführt von:: c:\users\koko\Desktop\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
        /wow section - STAGE 4
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Zugriff verweigert
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\koko\AppData\Roaming\Adobe\plugs
c:\users\koko\AppData\Roaming\Adobe\shed
c:\users\koko\AppData\Roaming\kikin
c:\users\koko\AppData\Roaming\kikin\ff_configuration.xml
c:\users\koko\AppData\Roaming\kikin\ff_kkes.xml
c:\users\koko\AppData\Roaming\kikin\ff_settings.xml
c:\users\koko\AppData\Roaming\kikin\ie_configuration.xml
c:\users\koko\AppData\Roaming\kikin\ie_kkes.xml
c:\users\koko\AppData\Roaming\kikin\ie_settings.xml
c:\users\koko\AppData\Roaming\Microsoft\Windows\Recent\  Positive Cuties    (2).URL
c:\users\koko\AppData\Roaming\Microsoft\Windows\Recent\  Positive Cuties  .URL
c:\users\koko\AppData\Roaming\vlc-1.1.11-win32.exe
c:\users\koko\Favorites\Operation Wintersonne.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 11:50 . 2012-07-13 11:50        --------        d-----w-        c:\users\Mcx1\AppData\Local\temp
2012-07-13 11:50 . 2012-07-13 11:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-13 08:48 . 2012-07-13 09:13        --------        d-----w-        C:\_OTL
2012-07-12 15:34 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{233076FF-05A0-4F9C-A750-54B02F8205D2}\mpengine.dll
2012-07-12 07:48 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 06:39 . 2012-07-11 06:39        --------        d-----w-        c:\program files\7-Zip
2012-07-09 17:09 . 2012-07-09 17:09        --------        d-----w-        c:\users\koko\AppData\Roaming\Avira
2012-07-09 17:01 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-07-09 17:01 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-07-09 17:01 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-07-09 17:01 . 2012-07-09 17:01        --------        d-----w-        c:\programdata\Avira
2012-07-09 17:01 . 2012-07-09 17:01        --------        d-----w-        c:\program files\Avira
2012-07-04 13:59 . 2012-04-30 10:58        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE2A48A6-1166-4DCF-B5C3-8E1A06996204}\gapaengine.dll
2012-06-28 07:27 . 2012-06-28 07:27        --------        d-----w-        c:\program files\Clarus
2012-06-25 14:49 . 2012-06-25 14:49        --------        d-----w-        c:\users\koko\AppData\Local\Macromedia
2012-06-21 11:34 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 11:34 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 11:34 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 11:34 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 11:33 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 11:32 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 11:32 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 11:32 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 11:32 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-14 13:22 . 2012-04-30 10:58        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 16:36 . 2012-04-23 16:00        984064        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-13 16:36 . 2012-04-23 16:00        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-13 16:36 . 2012-04-23 16:00        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-13 16:33 . 2012-05-15 05:01        385024        ----a-w-        c:\windows\system32\html.iec
2012-06-13 16:32 . 2012-05-01 14:03        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:32 . 2012-05-15 19:51        2045440        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:38 . 2012-04-25 15:11        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:38 . 2011-07-22 14:43        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 06:34 . 2012-05-03 06:35        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-05-03 06:34 . 2010-08-02 13:49        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-17 10:44 . 2012-06-07 16:30        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2011-11-12 2735200]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-11-12 16:46        2735200        ----a-w-        c:\program files\Winload\tbWin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 13:37        2074208        ----a-w-        c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31        1514152        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2011-11-12 2735200]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWin1.dll" [2011-11-12 2735200]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-05-11 5798008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2012-6-28 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe"
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"snp325"=c:\windows\vsnp325.exe
"FixCamera"=c:\windows\FixCamera.exe
"tsnp325"=c:\windows\tsnp325.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - RECONN
*Deregistered* - BdFileSpy
*Deregistered* - Reconn
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 06:39]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 12:43]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 12:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={0BB596F6-BB22-49A3-8775-1C1EB737F73D}&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&lang=de&ds=od011&pr=sa&d=2012-05-04 08:15&v=10.2.0.3&sap=hp
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7661ed75-3f71-4c3e-9998-a9e6b43a6702%7D&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-05-04%2008%3A15%3A19&sap=ku&q=
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN12770154435201-4901&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=301f325e0000000000000060b3365f0a&q=
FF - user.js: extensions.zonealarm.id - 301f325e0000000000000060b3365f0a
FF - user.js: extensions.zonealarm.instlDay - 15500
FF - user.js: extensions.zonealarm.vrsn - 1.5.23.8
FF - user.js: extensions.zonealarm.vrsni - 1.5.23.8
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.23.816:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN12770154435201-4901
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-13 13:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-3235265098-119894950-50472918-1001\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0ccbd326-abc5-4161-a816-f1620a3a4926}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1b087408-4256-489e-bc04-d23a307af9ae}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:19000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2bddf4b5-499b-495a-baed-3a53ab120dfa}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001617
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3efdc74c-298f-4208-853e-e5121e6cd53c}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{729252d1-3936-47de-8aed-28228b1095c1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0060b3
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{813f382f-a719-4450-a9bb-f99e26920879}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a0016d3
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a29f8802-5587-4000-a0d7-2f6074144a98}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b6d80470-1f51-42e5-b80a-d4a8402d7bbe}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c7df0a3c-9bf5-46d2-bab5-2776f4464620}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
"Dhcpv6Iaid"=dword:0a0060b3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f7af90c6-0a94-4731-83ed-35cbacb753e7}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fadbd350-e9b5-410a-94e2-c1d8f449e65b}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(768)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2012-07-13  13:57:17
ComboFix-quarantined-files.txt  2012-07-13 11:57
.
Vor Suchlauf: 8 Verzeichnis(se), 50.948.788.224 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 50.887.499.776 Bytes frei
.
- - End Of File - - E30392DDCEF8EEFC8A3D3B2CB09AA928

--- --- ---

markusg 14.07.2012 17:53

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".

adlerkoko 17.07.2012 11:47

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.14.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
koko :: KOKO-PC [Administrator]

16.07.2012 13:25:43
mbam-log-2012-07-16 (13-25-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418226
Laufzeit: 8 Stunde(n), 30 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

adlerkoko 18.07.2012 13:51

Thanks for the help, and I assume the computer is clean again.

markusg 18.07.2012 14:44

download the standard CCleaner:
CCleaner Download - CCleaner 3.20.1750
if CCleaner is already installed, skip this.
install, open, Tools, list of installed programs, save as txt. open it.
after each program you need, write "notwendig" (necessary).
after each one you do not need, "unnötig" (unnecessary).
after those unknown to you, "unbekannt" (unknown).
post the list.

adlerkoko 18.07.2012 16:40

7-Zip 9.20 11.07.2012 3,53MB
Activation Assistant for the 2007 Microsoft Office suites Microsoft nCorporation 29.06.2009 13,5MB - notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.07.2012 11.3.300.265 -notwendig
Adobe Reader 8.3.1 - Deutsch Adobe Systems Incorporated 03.10.2011 105MB 8.3.1-notwendig
Amazon MP3-Downloader 1.0.9 23.05.2010 1,67MB-notwendig
Apple Application Support Apple Inc. 07.07.2010 39,6MB -unbekannt 1.2.1-unbekannt
Apple Software Update Apple Inc. 07.07.2010 2,15MB 2.1.1.116-unnötig
Ask Toolbar Ask.com 03.02.2012 4,25MB 1.14.1.0-unnötig
Ask Toolbar Updater Ask.com 02.02.2012 1,36MB-unnötig 1.2.0.20007
AVG Security Toolbar AVG Technologies 09.07.2012 9,25MB 11.1.0.12-notwendig
Avira Free Antivirus Avira 09.07.2012 67,1MB 12.0.0.1125
AVS Update Manager 1.0 Online Media Technologies Ltd. 03.08.2010 10,4MB -unnötig
AVS Video Converter 6 Online Media Technologies Ltd. 03.08.2010 23,7MB -notwendig
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 03.08.2010 8,73MB -unnötig
CCleaner Piriform 22.06.2012 2,54MB 3.20-notwendig
Das Vermächtnis der Insel 2 26.01.2012 201MB
DHTML Editing Component Microsoft Corporation 29.06.2009 462KB-notwendig 6.02.0001
DivX-Setup DivX, Inc. 12.09.2010 2,11MB 2.0.4.2-unnötig
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 14.03.2007 6,29MB 2.0.0.1
Google Chrome Google Inc. 24.12.2009 67,4MB 20.0.1132.57-notwendig
Google Desktop Google 29.06.2009 7,91MB --unnötig
Google Earth Plug-in Google 18.06.2012 48,7MB 6.2.2.66-unnötig
Hama Black Force Pad 25.02.2010 880KB 2007.01.01-notwendig
hama PC-Webcam RW-100 Sonix 23.03.2011 3,59MB 0.1.0.000-notwendig
Hama Webcam Suite ArcSoft 23.03.2011 275MB 1.0.5.5 -notwendig
HP Smart Web Printing 4.60 HP 29.06.2010 8,28MB 4.60-notwendig
HP Solution Center 13.0 HP 29.06.2010 3,20MB 13.0-notwendig
HP Update Hewlett-Packard 29.06.2010 2,92MB 5.002.006.003-notwendig
Java(TM) 6 Update 32 Oracle 03.05.2012 95,7MB 6.0.320
Launch Manager V1.3.9 Wistron Corp. 08.03.2007 1,20MB 1.3.9-unbekannt
LetsTrade Komponenten 29.06.2009 10,1MB-unnötig
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes -Corporation 14.07.2012 6,76MB 1.62.0.1300-notwendig
Microsoft .NET Framework 1.1 29.06.2009
Microsoft .NET Framework 1.1 German Language Pack 08.03.2007
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 26.08.2009 36,9MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 23.08.2009 36,9MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 120MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 24,5MB 4.0.30319
Microsoft Office Enterprise 2007 Microsoft Corporation 14.02.2012 633MB 12.0.6612.1000
Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,91MB 14.0.5130.5003
Microsoft Office Live Add-in 1.5 Microsoft Corporation 23.04.2012 506KB 2.0.4024.1
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 19.08.2010 7,77MB 8.0.50727.42
Microsoft Security Essentials Microsoft Corporation 30.04.2012 22,0MB 4.0.1526.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 31.07.2009 251KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 294KB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 31.07.2009 199KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 10.05.2011 592KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.07.2009 590KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.08.2010 589KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 594KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.02.2012 16,5MB 10.0.40219
Microsoft Works Microsoft Corporation 10.12.2009 292MB 08.05.0822
Mozilla Firefox 13.0.1 (x86 de) Mozilla 17.06.2012 50,5MB 13.0.1-notwendig
Mozilla Maintenance Service Mozilla 17.06.2012 216KB 13.0.1-notwendig
MSXML 4.0 SP2 (KB925672) Microsoft Corporation 09.03.2007 1,23MB 4.20.9839.0
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 10.03.2007 1,23MB 4.20.9841.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.07.2009 1,27MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.11.2009 1,33MB 4.20.9876.0
Nero BackItUp 10 Nero AG 19.08.2010 107MB 5.4.11800.21.100
Nero Burning ROM 10 Nero AG 19.08.2010 162MB 10.0.11100.10.100
Nero BurnRights 10 Nero AG 19.08.2010 6,41MB 4.0.11000.12.100
Nero CoverDesigner 10 Nero AG 19.08.2010 77,0MB 5.0.10900.11.100
Nero DiscCopy Gadget 10 Nero AG 19.08.2010 35,4MB 3.0.10700.9.100
Nero DiscSpeed 10 Nero AG 19.08.2010 7,47MB 6.0.10800.7.100
Nero Express 10 Nero AG 19.08.2010 159MB 10.0.11000.10.100
Nero InfoTool 10 Nero AG 19.08.2010 8,06MB 7.0.10800.8.100
Nero MediaHub 10 Nero AG 19.08.2010 157MB 1.0.13400.11.100
Nero Multimedia Suite 10 Nero AG 19.08.2010 1,33GB 10.0.13200
Nero Recode 10 Nero AG 19.08.2010 80,0MB 4.6.10900.4.100
Nero RescueAgent 10 Nero AG 19.08.2010 6,82MB 3.0.10900.9.100
Nero SoundTrax 10 Nero AG 19.08.2010 95,6MB 4.6.10600.2.100-unnötig
Nero StartSmart 10 Nero AG 19.08.2010 109MB 10.0.11200.12.100
Nero Update Nero AG 23.08.2010 1,95MB 1.0.0018-unnötig
Nero Vision 10 Nero AG 19.08.2010 214MB 7.0.11100.8.100
Nero WaveEditor 10 Nero AG 19.08.2010 76,6MB 5.6.10600.2.100--unnötig
NVIDIA Drivers 29.06.2009 -unbekannt
PDFCreator Frank Heindörfer, Philip Chinery 08.02.2010 25,2MB-notwendig 0.9.9
pdfforge Toolbar v4.4 Spigot, Inc. 07.06.2011 2,57MB 4.4-unnötig
QuickTime Apple Inc. 07.07.2010 73,7MB 7.66.71.0-unnötig
Realtek High Definition Audio Driver 29.06.2009 4,18MB-unbekannt
Samsung Drive Manager Clarus 28.06.2012 36,6MB 1.0.148-notwendig
Skype Click to Call Skype Technologies S.A. 21.12.2011 15,3MB 5.6.8442-notwendig
Skype™ 5.5 Skype Technologies S.A. 21.12.2011 17,0MB 5.5.124-notwendig
SpeedCrunch 0.10 SpeedCrunch 17.01.2011 8,09MB-notwendig
Synaptics Pointing Device Driver Synaptics 29.06.2009 13,1MB 9.1.17.0-unbekannt
TuneUp Utilities 2011 TuneUp Software 16.12.2011 64,2MB-notwendig 10.0.4600.4
Ulead Photo Explorer 8.0 SE Basic Ulead Systems, Inc. 05.07.2012 37,1MB 8.0-unnötig
Uninstall 1.0.0.1 27.07.2010 22,8MB -notwendig
Unlocker 1.8.9 Cedrick Collomb 19.12.2010 232KB 1.8.9-notwendig
UseNeXT Tangysoft Ltd. 11.05.2012 5,31MB -notwendig
VLC media player 2.0.1 VideoLAN 24.04.2012 60,4MB 2.0.1-notwendig
WEB.DE Update WEB.DE 15.02.2010 6,48MB
Windows Media Player Firefox Plugin Microsoft Corp 07.07.2010-notwendig 296KB 1.0.0.8
Winload Toolbar 03.08.2010 2,46MB -unnötig
WinRAR 12.07.2009 3,72MB -notwendig
WinZip 12.1 WinZip Computing, S.L. 15.10.2009 15,9MB 12.1.8519
Wise Registry Cleaner Free 5.02 WiseCleaner.com, Inc.-notwendig 24.02.2010 3,63MB
XMedia Recode 3.0.9.6 Sebastian Dörfler 03.05.2012 18,0MB 3.0.9.6-unnötig
Xvid 1.1.3 final uninstall Xvid team (Koepi) 27.09.2010 788KB 1.1 -unnötig
ZoneAlarm Free Antivirus + Firewall Check Point 09.06.2012 53,8MB-notwendig 10.2.047.000
ZoneAlarm Security Toolbar Check Point Software Technologies LTD-notwendig

markusg 20.07.2012 20:36

why does the labelling stop partway through

adlerkoko 20.07.2012 20:53

I use Nero; with Microsoft I don't know what is necessary for the system; and the MSXML updates I probably need, or rather I don't know them.

markusg 26.07.2012 11:17

open ccleaner, start Analyze.
open otl, cleanup, the pc restarts; test how it runs

adlerkoko 27.07.2012 09:36

Hi, said and done, it's running!
Kind regards

markusg 27.07.2012 22:58

hi
then secure it:
as an anti-malware program I would recommend emsisoft.
for me they have the best protection, but it costs a bit.
http://www.trojaner-board.de/103809-...i-malware.html
trial version:
My antivirus recommendation: Emsisoft Anti-Malware
especially if you do online banking, purchases, other payment transactions or similarly important things such as work-related matters, i.e. there is sensitive data to protect, you should invest in security software.
before activating the license, make use of the 30-day trial period.

free, but not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

tell me which one you use, then I'll give configuration tips.
please uninstall your previous av
the following guide is extensive, I am aware of that, but it should be implemented, because only then is your pc secure. ask as many questions as needed, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The easiest way is to go to Start, Search, and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as described in the Windows 7 / Vista section.
from the xp section, please adopt the item "data execution prevention, dep".
as a browser I recommend chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
please read the guide
if you want to use a different one, tell me; then parts of the guide that follows will have to be


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100 % isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.72

guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
detailed guide as pdf, work through it as well:
Sandbox settings |

please make the following additional configuration:
open sandboxie control, click the Sandbox menu, choose DefaultBox.
there, click Sandbox Settings.
Restrictions: under program start and internet access enter:
chrome.exe
then go to Applications, Web Browser, Chrome.
there enable everything except sharing the entire profile folder.
As you may have already seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click, start in Sandboxie.
A lifetime license costs 30 €, and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
work through everything completely
note on file hippo.
in the settings additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
my guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk breaks at some point.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords
please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Practice & Help
so from now on, surf only in the standard user account, and there in the sandbox.
if you use the free version, then by clicking sandboxed web browser; if you have the paid version, you can set forced program starts, then sandboxie is always started when you open a browser.
when you move the mouse over the browser it should be framed; then you are in the sandboxed web browser

password security:
every service needs its own password of at least 12 characters
roboform helps with managing and creating passwords
Password Manager, Form Filler, Password Management | RoboForm Password Manager

adlerkoko 28.07.2012 09:30

Thanks for now. I have vacation in 14 days and will deal with it then; I think I can manage until then and will also cope with the guide. I'll get back to you then.
Kind regards

markusg 30.07.2012 17:17

ok, just get in touch then


All times are GMT +1.
