Trojaner-Board - Smart HDD entfernen

Seite 1 von 3

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Smart HDD entfernen (https://www.trojaner-board.de/113717-smart-hdd-entfernen.html)

Chrissi25

16.04.2012 14:07

Smart HDD entfernen

Hallo,
seit gestern habe ich das Problem mit dem Smart HDD Trojaner auf meinem Rechner.
Ich habe mich auch bereits über dieses Problem bei euch im Forum informiert. Da ihr aber immer darauf hinweist, dass keine Anweisungen übertragbar sind, habe ich zunächst das OTL-Programm heruntergeladen und den Scan nach Anweisung durchgeführt. Das zugehörige log-file lautet wie folgt:

Code:

OTL logfile created on: 16.04.2012 14:36:14 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 75,82% Memory free

6,19 Gb Paging File | 5,69 Gb Available in Paging File | 91,97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 7,44 Gb Free Space | 2,57% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,27 Gb Free Space | 14,05% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()

SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)

DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)

DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)

DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)

DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}

IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]

 

[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions

[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions

[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com

[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net

[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}

CHR - default_search_provider: suggest_url = 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe ()

O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe ()

O4 - HKCU..\Run: [PMCRemote]  File not found

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug

[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}

[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.03.20 17:27:09 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\Analytica 2012

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.16 14:25:32 | 000,629,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.16 14:25:32 | 000,597,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.16 14:25:32 | 000,126,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.16 14:25:32 | 000,104,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.16 14:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.16 14:18:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.16 14:18:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.16 14:18:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.04.16 14:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.16 13:57:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.16 13:44:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 21:51:52 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 18:16:27 | 000,222,208 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz.exe

[2012.04.15 18:08:14 | 000,302,080 | ---- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe

[2012.04.15 17:18:16 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[2012.03.21 16:59:36 | 000,172,837 | ---- | M] () -- C:\Users\Nina\Desktop\Publikationsliste_Wolfgang.pdf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk

[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk

[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk

[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk

[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk

[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk

[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk

[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk

[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.15 18:16:27 | 000,222,208 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz.exe

[2012.04.15 18:10:18 | 000,302,080 | ---- | C] () -- C:\ProgramData\AlSnqDidGxPete.exe

[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[2012.03.21 16:59:36 | 000,172,837 | ---- | C] () -- C:\Users\Nina\Desktop\Publikationsliste_Wolfgang.pdf

[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd

 
 ========== LOP Check ==========

 

[2011.05.30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\1&1 Mail & Media GmbH

[2011.07.06 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Diercke Globus Online

[2011.11.04 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\EndNote

[2009.09.28 20:04:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Flood Light Games

[2012.04.14 21:41:48 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Ogug

[2010.09.17 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\OpenCandy

[2009.09.29 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Pirateville

[2010.11.06 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ProtectDISC

[2012.04.14 21:42:05 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Ryloso

[2011.05.23 12:00:32 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Template

[2011.06.24 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\V-Games

[2010.08.10 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Vodafone

[2008.10.30 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WildTangent

[2012.04.16 14:18:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 

< End of report >

Für eure Hilfe möchte ich mich an dieser Stelle bereits bedanken.

kira	16.04.2012 14:46

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
erneut einen Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Chrissi25

18.04.2012 12:02

Hallo Kira,

vielen Dank, dass du deine Hilfe anbietest.

Habe den vollständigen MBAM-Scan nun durchgeführt. Leider bin ich mir nicht sicher, ob alle gefundenen Infektionen entfernt werden dürfen, da du ja schreibst, dass nichts aus der C:\System Volume Information gelöscht werden sollte. Es wurden 3 Infektionen in der Registry gefunden, darf ich diese entfernen ohne das System zu zerstören?

Anbei das log-file des Scans.

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.17.04
 

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Nina :: NINA-PC [Administrator]
 

Schutz: Deaktiviert
 

17.04.2012 15:07:42

mbam-log-2012-04-17 (20-17-21).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 479196

Laufzeit: 1 Stunde(n), 23 Minute(n), 22 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{0E72B33F-C093-4B1A-8B7C-90766110C756} (Trojan.Agent.LDCGen) -> Daten: C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AlSnqDidGxPete.exe (Backdoor.Agent.RCGen) -> Daten: C:\ProgramData\AlSnqDidGxPete.exe -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 4

C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe (Trojan.Agent.LDCGen) -> Keine Aktion durchgeführt.

C:\ProgramData\AlSnqDidGxPete.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.

C:\ProgramData\EwxRa6k2hb2uaz.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.

C:\Users\Nina\AppData\Local\Temp\JMtRMJkFo8pUdz.exe.tmp (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
 

(Ende)

Vielen Dank!

kira	18.04.2012 17:21

alle Schritte im normalen Modus ausführen!:

1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
dann noch 2. und 3. auch erledigen

Chrissi25

24.04.2012 16:25

Hallo Kira,

zunächst möchte ich mich entschuldigen, dass alles so lange gedauert hat.

Habe erstmal die MBAM-Software aktualisiert und danach den Komplett-Scan im Normal-Modus gestartet.
Hier das zugehörige log-file:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.24.02
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Nina :: NINA-PC [Administrator]
 

Schutz: Aktiviert
 

24.04.2012 13:55:07

mbam-log-2012-04-24 (13-55-07).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 482128

Laufzeit: 2 Stunde(n), 15 Minute(n), 35 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{0E72B33F-C093-4B1A-8B7C-90766110C756} (Trojan.Agent.LDCGen) -> Daten: C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe (Trojan.Agent.LDCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Danach habe ich nochmals OTL als Admin laufen lassen.

Extras.Txt-log-file:

Code:

OTL Extras logfile created on: 24.04.2012 17:09:07 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free

6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 

"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 

"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 

"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 

"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 

"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 

"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 

"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 

"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 

"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 

"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{5F65F827-5717-4D39-9B9C-9430316D8F49}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 

"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{87157B1B-4F23-442B-B89A-A805D28F8486}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 

"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{A958E700-32B9-4CEA-BA0C-C775A001433C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 

"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30

"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety

"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2

"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support

"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server

"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe SVG Viewer" = Adobe SVG Viewer

"AIM_6" = AIM

"CCleaner" = CCleaner

"Chromas" = Chromas

"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8

"conduitEngine" = Conduit Engine

"Der Hummelfluch" = W&G - Der Hummelfluch

"Der Stein der Weisen" = Der Stein der Weisen

"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging

"GENtle" = GENtle

"Giraffic" = Giraffic Video Accelerator

"Google Chrome" = Google Chrome

"GridinSoft Trojan Killer" = Trojan Killer

"Holly im Wunderland" = Holly im Wunderland

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HPLaserJetP3005" = HP LaserJet P3005

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Jump Jack" = Jump Jack

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"NVIDIA Drivers" = NVIDIA Drivers

"Peggle Deluxe 1.03" = Peggle Deluxe 1.03

"PirateVille" = PirateVille

"PROPLUS" = Microsoft Office Professional Plus 2007

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"Schlag den Raab_is1" = Schlag den Raab

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"ST6UNST #1" = pDRAW32

"SuperTux_is1" = SuperTux 0.1.3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Urlaub Unter Tage" = W&G - Urlaub Unter Tage

"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.2.8

"Xvid_is1" = Xvid 1.1.3 final uninstall

"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space

"Zune" = Zune

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21.04.2012 08:39:56 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.04.2012 10:03:20 | Computer Name = Nina-PC | Source = Application Hang | ID = 1002

Description = Programm mbam.exe, Version 1.60.0.80 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 1308  Anfangszeit: 01cd1fbcef304fec  Zeitpunkt der Beendigung:

 0

 

Error - 21.04.2012 10:43:33 | Computer Name = Nina-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel

 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0xe0, Anwendungsstartzeit

 01cd1fbc36e0890c.

 

Error - 21.04.2012 11:24:31 | Computer Name = Nina-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 

0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x16d0, 

Anwendungsstartzeit 01cd1fd2b597cc2c.

 

Error - 21.04.2012 17:20:05 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 22.04.2012 08:35:05 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.04.2012 07:16:22 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 24.04.2012 07:06:50 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 24.04.2012 08:08:22 | Computer Name = Nina-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel

 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0x948, Anwendungsstartzeit

 01cd220a58ff6b4d.

 

Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

[ Media Center Events ]

Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0

Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 

'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

 

[ OSession Events ]

Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729

 seconds with 360 seconds of active time.  This session ended with a crash.

 

Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452

 seconds with 2220 seconds of active time.  This session ended with a crash.

 

Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502

 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639

 seconds with 240 seconds of active time.  This session ended with a crash.

 

Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681

 seconds with 3660 seconds of active time.  This session ended with a crash.

 

Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718

 seconds with 1860 seconds of active time.  This session ended with a crash.

 

Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146

 seconds with 5580 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803
 

        Benutzer:

 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8202.0     Fehlercode:

 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.

 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie

 unter "Hilfe und Support". 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

 

< End of report >

OTL.Txt-log-file:

Code:

OTL logfile created on: 24.04.2012 17:09:07 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free

6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe (Veoh Networks)

PRC - C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)

PRC - C:\Programme\Giraffic\Giraffic.exe (Giraffic)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

PRC - C:\Windows\SMINST\BLService.exe ()

PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)

PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

MOD - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()

SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)

DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)

DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)

DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)

DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}

IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]

 

[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions

[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions

[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com

[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net

[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}

CHR - default_search_provider: suggest_url = 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found

O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found

O4 - HKCU..\Run: [PMCRemote]  File not found

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs

[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes

[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug

[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}

[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.24 17:08:12 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.24 17:08:12 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.24 17:08:12 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.24 17:08:12 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.24 17:06:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.24 17:01:47 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.04.24 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.24 17:01:39 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.24 17:00:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.04.24 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys

[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk

[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk

[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk

[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk

[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk

[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk

[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk

[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk

[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 

< End of report >

Chrissi25

24.04.2012 16:29

Danach habe ich nochmals OTL als Admin laufen lassen.

Extras.Txt-log-file:

Code:

OTL Extras logfile created on: 24.04.2012 17:09:07 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free

6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 

"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 

"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 

"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 

"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 

"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 

"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 

"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 

"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 

"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 

"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{5F65F827-5717-4D39-9B9C-9430316D8F49}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 

"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{87157B1B-4F23-442B-B89A-A805D28F8486}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 

"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{A958E700-32B9-4CEA-BA0C-C775A001433C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 

"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30

"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety

"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2

"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support

"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server

"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe SVG Viewer" = Adobe SVG Viewer

"AIM_6" = AIM

"CCleaner" = CCleaner

"Chromas" = Chromas

"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8

"conduitEngine" = Conduit Engine

"Der Hummelfluch" = W&G - Der Hummelfluch

"Der Stein der Weisen" = Der Stein der Weisen

"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging

"GENtle" = GENtle

"Giraffic" = Giraffic Video Accelerator

"Google Chrome" = Google Chrome

"GridinSoft Trojan Killer" = Trojan Killer

"Holly im Wunderland" = Holly im Wunderland

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HPLaserJetP3005" = HP LaserJet P3005

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Jump Jack" = Jump Jack

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"NVIDIA Drivers" = NVIDIA Drivers

"Peggle Deluxe 1.03" = Peggle Deluxe 1.03

"PirateVille" = PirateVille

"PROPLUS" = Microsoft Office Professional Plus 2007

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"Schlag den Raab_is1" = Schlag den Raab

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"ST6UNST #1" = pDRAW32

"SuperTux_is1" = SuperTux 0.1.3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Urlaub Unter Tage" = W&G - Urlaub Unter Tage

"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.2.8

"Xvid_is1" = Xvid 1.1.3 final uninstall

"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space

"Zune" = Zune

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21.04.2012 08:39:56 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.04.2012 10:03:20 | Computer Name = Nina-PC | Source = Application Hang | ID = 1002

Description = Programm mbam.exe, Version 1.60.0.80 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 1308  Anfangszeit: 01cd1fbcef304fec  Zeitpunkt der Beendigung:

 0

 

Error - 21.04.2012 10:43:33 | Computer Name = Nina-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel

 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0xe0, Anwendungsstartzeit

 01cd1fbc36e0890c.

 

Error - 21.04.2012 11:24:31 | Computer Name = Nina-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 

0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x16d0, 

Anwendungsstartzeit 01cd1fd2b597cc2c.

 

Error - 21.04.2012 17:20:05 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 22.04.2012 08:35:05 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.04.2012 07:16:22 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 24.04.2012 07:06:50 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 24.04.2012 08:08:22 | Computer Name = Nina-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel

 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0x948, Anwendungsstartzeit

 01cd220a58ff6b4d.

 

Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

[ Media Center Events ]

Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0

Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 

'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

 

[ OSession Events ]

Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729

 seconds with 360 seconds of active time.  This session ended with a crash.

 

Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452

 seconds with 2220 seconds of active time.  This session ended with a crash.

 

Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502

 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639

 seconds with 240 seconds of active time.  This session ended with a crash.

 

Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681

 seconds with 3660 seconds of active time.  This session ended with a crash.

 

Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718

 seconds with 1860 seconds of active time.  This session ended with a crash.

 

Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146

 seconds with 5580 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803
 

        Benutzer:

 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8202.0     Fehlercode:

 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.

 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie

 unter "Hilfe und Support". 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:

      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:

 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 

        Signaturtyp:

 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der

 Servername oder die Serveradresse konnte nicht verarbeitet werden. 

 

 

< End of report >

OTL.Txt-log-file:

Code:

OTL logfile created on: 24.04.2012 17:09:07 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free

6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe (Veoh Networks)

PRC - C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)

PRC - C:\Programme\Giraffic\Giraffic.exe (Giraffic)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

PRC - C:\Windows\SMINST\BLService.exe ()

PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)

PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

MOD - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()

SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)

DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)

DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)

DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)

DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}

IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]

 

[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions

[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions

[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com

[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net

[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}

CHR - default_search_provider: suggest_url = 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found

O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found

O4 - HKCU..\Run: [PMCRemote]  File not found

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs

[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes

[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug

[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}

[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.24 17:08:12 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.24 17:08:12 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.24 17:08:12 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.24 17:08:12 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.24 17:06:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.24 17:01:47 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.04.24 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.24 17:01:39 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.24 17:00:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.04.24 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys

[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk

[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk

[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk

[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk

[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk

[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk

[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk

[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk

[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 

< End of report >

Chrissi25

24.04.2012 16:30

Anschließend habe ich noch den CCleaner nach deinen Angaben ausgeführt.

Code:

OTL logfile created on: 24.04.2012 17:09:07 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free

6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe (Veoh Networks)

PRC - C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)

PRC - C:\Programme\Giraffic\Giraffic.exe (Giraffic)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

PRC - C:\Windows\SMINST\BLService.exe ()

PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)

PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()

MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

MOD - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()

SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)

DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)

DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)

DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)

DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}

IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]

 

[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions

[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions

[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com

[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net

[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}

CHR - default_search_provider: suggest_url = 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found

O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found

O4 - HKCU..\Run: [PMCRemote]  File not found

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs

[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes

[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso

[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug

[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}

[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.24 17:08:12 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.24 17:08:12 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.24 17:08:12 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.24 17:08:12 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.24 17:06:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.24 17:01:47 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.04.24 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.24 17:01:39 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.24 17:00:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.04.24 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys

[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk

[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk

[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk

[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk

[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk

[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk

[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk

[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk

[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 

< End of report >

Vielen Dank schon mal für deine weitere Hilfe!!!

kira	24.04.2012 18:02

Zitat:

Zitat von Chrissi25 (Beitrag 818936)

Anschließend habe ich noch den CCleaner nach deinen Angaben ausgeführt.

bitte nochmal lesen was Du wirklich tun musst:

CCleaner starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Chrissi25

24.04.2012 18:19

Hallo Kira,

tut mir leid, dass ich versehentlich das falsche log-file eingefügt habe. Hier das CCleaner-log-file.

Code:

Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        05.10.2008        14,0MB        

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        12.04.2012                11.2.202.233

Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        13.04.2012                11.2.202.233

Adobe Photoshop Elements        Adobe Systems, Inc.        21.06.2009        68,3MB        1.0

Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        11.04.2012                10.1.3

Adobe Shockwave Player 11.5        Adobe Systems, Inc.        21.04.2010        11,7MB        11.5.6.606

Adobe SVG Viewer        Adobe Systems, Inc.        21.06.2009        3,38MB        1.0

Agatha Christie - Das haus an der Düne        JoWooD        27.09.2009        66,9MB        1.0.0

AIM                29.10.2008                

CCleaner        Piriform        17.04.2012        4,46MB        3.17

Christmasville        Purplehills        30.09.2009        48,0MB        1.00.0000

Chromas                27.01.2011        0,63MB        

Clone Manager Professional Suite 8                13.10.2010        8.608MB        

Compatibility Pack für 2007 Office System        Microsoft Corporation        17.02.2012                12.0.6612.1000

Conduit Engine        Conduit Ltd.        02.06.2011        4,28MB        

CyberLink DVD Suite        CyberLink Corp.        05.10.2008        48,0MB        5.5.1519

CyberLink YouCam        CyberLink Corp.        05.10.2008        76,1MB        2.0.1616

Der Stein der Weisen                30.09.2009        20,6MB        

DivX Codec        DivX, Inc.        11.02.2009        1,66MB        6.6.1

Dr. Brains Mehr Gehirnjogging                13.03.2009        17,3MB        

e-Seq V2.0                27.02.2010        1,39MB        

GENtle                19.09.2010        10,4MB        

Giraffic Video Accelerator        Giraffic        02.06.2011        9,91MB        0.85.790.230

Google Chrome        Google Inc.        11.04.2010        246MB        18.0.1025.152

Google Earth        Google        24.11.2011        92,8MB        6.1.0.5001

Google Toolbar for Internet Explorer        Google Inc.        16.03.2012        10,6MB        7.3.2710.138

Holly - Ein Weihnachtsmärchen        Purplehills        30.09.2009        136,7MB        1.00.0000

Holly im Wunderland                30.09.2009        115,0MB        

HP Active Support Library        Hewlett-Packard        27.04.2011        20,5MB        3.1.9.1

HP Customer Experience Enhancements        Hewlett-Packard        30.07.2008        0,98MB        5.7.0.2630

HP Easy Setup - Frontend        Hewlett-Packard        30.07.2008        2,17MB        5.7.0.2630

HP Help and Support        Hewlett-Packard        04.04.2010        14,3MB        2.0.10.0

HP LaserJet P3005        Hewlett-Packard Co.        21.03.2010        20,2MB        

HP Quick Launch Buttons 6.40 D1        Hewlett-Packard        30.07.2008        17,2MB        6.40 D1

HP QuickPlay 3.7        Hewlett-Packard        05.10.2008        182,0MB        

HP QuickTouch 1.00 D2        Hewlett-Packard        30.07.2008        1,77MB        1.0.9

HP Total Care Advisor        Hewlett-Packard        31.07.2008        38,8MB        2.1.3359.2635

HP Update        Hewlett-Packard        02.04.2011        3,97MB        5.002.007.004

HP Wireless Assistant        Hewlett-Packard        31.07.2008        4,00MB        3.00 J1

IDT Audio        IDT        05.10.2008        20,6MB        1.0.6017.13

Java(TM) 6 Update 30        Sun Microsystems, Inc.        21.03.2010        95,0MB        6.0.300

JMicron JMB38X Flash Media Controller        JMicron Technology Corp.        05.10.2008        3,68MB        1.00.16.01

Jump Jack                05.08.2009        217MB        

LabelPrint        CyberLink Corp.        05.10.2008        230MB        2.20.2719

LightScribe System Software  1.12.33.2        LightScribe        05.10.2008        20,9MB        1.12.33.2

Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        16.04.2012        11,7MB        1.61.0.1400

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        08.03.2010        37,0MB        

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        02.01.2010        37,0MB        

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        12.10.2010        120,3MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        12.10.2010        24,5MB        4.0.30319

Microsoft Office File Validation Add-In        Microsoft Corporation        23.09.2011                14.0.5130.5003

Microsoft Office Home and Student 2007        Microsoft Corporation        17.02.2012        561MB        12.0.6612.1000

Microsoft Office Outlook Connector        Microsoft Corporation        15.11.2010        3,36MB        14.0.5118.5000

Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        17.02.2012                12.0.6612.1000

Microsoft Office Professional Plus 2007        Microsoft Corporation        17.02.2012        561MB        12.0.6612.1000

Microsoft Security Essentials        Microsoft Corporation        07.02.2012        17,9MB        2.1.1116.0

Microsoft Silverlight        Microsoft Corporation        23.02.2012                4.1.10111.0

Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        15.11.2010        1,74MB        3.1.0000

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        02.01.2010        0,25MB        8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0,29MB        8.0.61001

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        17.05.2011        0,58MB        9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        07.02.2012        0,23MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        12.10.2010        0,58MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,58MB        9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        10.02.2012                10.0.40219

Microsoft Works        Microsoft Corporation        12.04.2012                9.7.0621

Mozilla Firefox (3.6.3)        Mozilla        06.04.2010        27,4MB        3.6.3 (de)

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        02.01.2010        35,00KB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        02.01.2010        1,34MB        4.20.9876.0

MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        11.02.2009        1,23MB        4.20.9818.0

My HP Games        WildTangent        05.10.2008        547MB        1.0.0.43

Mysteryville 2        Mysteryville 2        30.09.2009        39,1MB        1.00.0000

NVIDIA Drivers        NVIDIA Corporation        12.10.2010                1.10

NVIDIA GAME System Software 2.8.1        NVIDIA Corporation        26.10.2011        10,7MB        2.8.1

pDRAW32                19.09.2010        1,11MB        

Peggle Deluxe 1.03                21.01.2009        17,0MB        

Pinnacle DistanTV Server        Pinnacle Systems        11.02.2009        13,2MB        1.0.0.095

Pinnacle TVCenter Pro        Pinnacle Systems        11.02.2009        158,5MB        4.99.2088

PirateVille                28.09.2009        49,0MB        

Power2Go        CyberLink Corp.        05.10.2008        163,9MB        5.6.3919

PowerDirector        CyberLink Corp.        31.07.2008        353MB        6.5.2719

ProtectDisc Driver, Version 11        ProtectDisc Software GmbH        05.11.2010        92,00KB        11.0.0.14

ProtectSmart Hard Drive Protection        Hewlett-Packard        05.10.2008        2,25MB        3.10 A7

QuickPlay SlingPlayer 0.4.6        SlingMedia        05.10.2008        182,0MB        0.4.6

Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        05.10.2008        1,54MB        1.00.0000

Schlag den Raab        bitComposer Games GmbH        05.11.2010        567MB        

Sherlock Holmes - Die Spur der Erwachten Remastered        Frogwares        26.10.2011        2.036MB        1.00.0777

Skype™ 4.2        Skype Technologies S.A.        22.03.2010        25,5MB        4.2.155

SuperTux 0.1.3        SuperTux Development Team        27.04.2010        17,4MB        

Synaptics Pointing Device Driver        Synaptics Incorporated        12.10.2010        13,7MB        15.0.17.4

Trojan Killer        Gridinsoft LLC        14.04.2012        27,3MB        2.1.2.0

Veoh Web Player Toolbar        Veoh Web Player        02.06.2011        4,36MB        6.3.2.90

Viewpoint Media Player                29.10.2008        7,30MB        

W&G - Der Hummelfluch        Daedalic Entertainment        01.11.2010        351MB        1.0.0.15

W&G - Urlaub Unter Tage        Daedalic Entertainment        22.12.2011        894MB        1.0.0.15

web'n'walk Manager        Option NV        24.12.2009        2,43MB        2.5.0.68

Windows Live Essentials        Microsoft Corporation        16.11.2010                15.4.3502.0922

Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        15.11.2010        5,58MB        15.4.5722.2

WinSCP 4.2.8        Martin Prikryl        16.09.2010        8,63MB        4.2.8

Xvid 1.1.3 final uninstall        Xvid team (Koepi)        04.11.2010        0,77MB        1.1

Zak McKracken - Between Time and Space                04.11.2010                

Zune        Microsoft Corporation        01.02.2012        97,0MB        04.08.2345.00

Viele Grüße und DANKE nochmal!

kira	25.04.2012 06:25

2. teil - Systemreinigung und Prüfung:
ganz schön viel zu tun...

1.
Windows Defender abschalten:
Neben 1 AV-Scanner und 1 Firewall garnix erst nötig und nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

2.
nicht empfohlen:

Zitat:

Veoh Web Player <- Softwareart: Adware
Veoh Web Player Toolbar

finanziert sich über eine Adware-Komponente
Hinweis: Um den "Veoh Web Player" vollständig nutzen zu können, müssen Sie sich nach der Installation beim Hersteller mit einer E-Mail-Adresse registrieren. Während der Installation sollten Sie die angebotene Software abklicken, diese hat nichts mit dem eigentlichen Programm zu tun. Zudem empfehlen wir Ihnen, die ungefragt mitgelieferte Veoh-Toolbar gleich nach der Installation wieder aus dem System zu löschen.

3.
Deinstalliere...(unter Software/Programme und im Browser)
wird ungefragt (mit)installiert, kann man nicht brauchen:-> Conduit Engine aus Firefox entfernen

Code:

Conduit Engine <- Adware

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen;)

4.
wird ungefragt installiert, benötigt kein Mensch, kannst deinstallieren:

Zitat:

Viewpoint Media Player

5.
kann deinstalliert werden (unnötig):

Zitat:

Trojan Killer

6.
Ob aus Unwissenheit auf deinem Rechner gelandet bzw aktiviert?:

Code:

EasyBits Software AS

EasyBits Games Go - Uninstaller

7.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/themen/nachrichten/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}

IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.lrz-muenchen.de/

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2653012&SearchSource=13"

FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found

O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found

O4 - HKCU..\Run: [PMCRemote]  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun

O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe

[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 

:Files

C:\Users\Nina\AppData\Roaming\Ryloso

C:\Users\Nina\AppData\Roaming\Ogug

 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

9.
Dir bekannte Bilder? woher stammen sie denn?:
C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

10.
kann ich nicht zuordnen, um was handelt es sich dabei ?:

Code:

C:\ProgramData\EwxRa6k2hb2uaz

könnten auch von Malware stammen..

11.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

12.
Aktualisieren: Alte Version deinstallieren und neue herunterladen:-> http://filepony.de/download-firefox/

Code:

Mozilla Firefox

aber Achtung!:
..falls nötig, vorher für dich wichtige (Benutzerdefinierte) Einstellungen zu speichern:-> Mozilla Firefox Backup erstellen

13.
Tipps (unabhängig davon ob man ihn benutzt oder nicht!):
IE 9: Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?
-> Verwalten von Add-Ons in Internet Explorer
-> Firefox mit Add-ons anpassen
-> Firefox Add-Ons endgültig löschen | PcBeirat.de

14.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

15.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

16.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird Gmer beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

17.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

Code:

mbr.exe -t > C:\mbr.log & C:\mbr.log

(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!

Chrissi25

25.04.2012 13:28

Hallo Kira,

vielen Dank für deine schnelle Antwort.

Zu Punkt 1:
WindowsDefender war bereits abgeschaltet, in der Systemkonfiguration war allerdings das Häkchen noch gesetzt, dieses habe ich entfernt. Danach musste der Rechner neu gestartet werden.
Anschließend habe ich diesen auch noch unter Dienste deaktiviert.

Zu Punkt 2:
Habe den Veoh Web Player deinstalliert.

Zu Punkt 3:
Conduit Engine wurde deinstalliert.

Dies mal der bisherige Stand der Dinge. Gleich geht´s weiter.

Hallo Kira,

hier nun der weitere Verlauf.

Und gleich nochmal zu Punkt 2:
Zwar habe ich den Veoh Web Player deinstalliert, allerdings ist dieser noch immer unter "Start" aufgeführt und auch das Desktop-Incon ist noch vorhanden.

Zu Punkt 4:
Viewpoint Media Player wurde deinstalliert.

Zu Punkt 5:
Trojan Killer wurde deinstalliert.

Zu Punkt 6:
EasyBits Software AS wurde mit dem EasyBits Games Go - Uninstaller entfernt.

Zu Punkt 7:
Das System wurde mit dem CCleaner gereinigt.

Soweit der bisherige Stand. Werde das System jetzt neu starten und dann fortfahren.

Hallo Kira,

also hier die weiteren Schritte.

Zu Punkt 8:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.

File C:\Programme\Veoh_Web_Player\prxtbVeoh.dll not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.

File C:\Programme\Veoh_Web_Player\prxtbVeoh.dll not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CDF6C72-1159-4A03-95AC-412ED051C724}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF9519CB-6984-4763-A926-EBAD4BB9672A}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.

Prefs.js: "Veoh Web Player Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "Veoh Web Player Customized Web Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13" removed from browser.startup.homepage

Prefs.js: toolbar@gmx.net:1.5 removed from extensions.enabledItems

Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems

Prefs.js: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2 removed from extensions.enabledItems

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.

File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{0E72B33F-C093-4B1A-8B7C-90766110C756} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E72B33F-C093-4B1A-8B7C-90766110C756}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AlSnqDidGxPete.exe not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PMCRemote deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

C:\Autorun_dll.log moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ not found.

File F:\setup.exe AUTORUN=1 not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ not found.

File F:\setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ not found.

File F:\setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f2013f-a779-11dd-b556-001eecb1050c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f2013f-a779-11dd-b556-001eecb1050c}\ not found.

File G:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ not found.

File F:\setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ not found.

File F:\setup.exe not found.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

========== FILES ==========

C:\Users\Nina\AppData\Roaming\Ryloso folder moved successfully.

C:\Users\Nina\AppData\Roaming\Ogug folder moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Nina\Desktop\cmd.bat deleted successfully.

C:\Users\Nina\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

 

User: Majo

->Temp folder emptied: 315297 bytes

->Java cache emptied: 0 bytes

 

User: Nina

->Temp folder emptied: 6862613 bytes

->Java cache emptied: 25876385 bytes

->FireFox cache emptied: 33882941 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1076 bytes

 

User: Public

 

User: TEMP

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2610 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 64,00 mb

 

 

OTL by OldTimer - Version 3.2.39.2 log created on 04252012_160530
 

Files\Folders moved on Reboot...

C:\Users\Nina\AppData\Local\Temp\ehmsas.txt moved successfully.
 

Registry entries deleted on Reboot...

Zu Punkt 9:
Wurden komplett gelöscht.

Zu Punkt 10:
C:\ProgramData\EwxRa6k2hb2uaz kann jetzt nach einem Suchvorgang nicht mehr gefunden werden.

Zu Punkt 11:
Java Version wurde deinstalliert und das System wird jetzt neu gestartet.

Die weiteren Resultate folgen in Kürze.

Hallo Kira,

nun die weiteren Fortschritte.

Noch zu Punkt 11:
Java Version 6 Update 31 wurde installiert.

Zu Punkt 12:
Die alte Mozilla Firefox Version wurde deinstalliert und die aktuelle installiert.

Zu Punkt 14:
Habe erneut den CCleaner ausgeführt und starte das System neu.

Gleich die weiteren Ergebnisse.

Hallo Kira,

hier der weitere Verlauf.

Zu Punkt 15:
OTL.Txt-log-file:

Code:

OTL logfile created on: 25.04.2012 18:16:14 - Run 3

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,71% Memory free

6,19 Gb Paging File | 4,86 Gb Available in Paging File | 78,45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 16,19 Gb Free Space | 5,60% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

PRC - [2012.04.13 22:27:15 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe

PRC - [2012.02.27 18:07:41 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.08.05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe

PRC - [2011.05.27 12:00:24 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe

PRC - [2011.04.06 13:47:16 | 002,644,992 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe

PRC - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe

PRC - [2011.03.08 17:04:38 | 003,711,104 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Giraffic.exe

PRC - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2010.09.21 16:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.07.21 23:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe

PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe

PRC - [2009.02.26 16:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe

PRC - [2008.03.25 16:45:38 | 000,603,408 | ---- | M] (Avid Development GmbH) -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe

PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2007.11.07 13:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe

PRC - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.03.17 15:14:08 | 001,283,584 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll

MOD - [2011.03.17 15:14:08 | 000,232,960 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll

MOD - [2011.03.17 15:14:06 | 010,836,480 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll

MOD - [2011.03.17 15:14:06 | 008,273,408 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll

MOD - [2011.03.17 15:14:06 | 002,286,592 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll

MOD - [2011.03.17 15:14:06 | 000,805,888 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll

MOD - [2011.03.17 15:14:02 | 000,120,320 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll

MOD - [2011.03.17 15:14:02 | 000,022,016 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll

MOD - [2008.06.25 22:36:26 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll

MOD - [2008.06.25 22:36:26 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll

MOD - [2008.06.25 22:36:26 | 000,038,184 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll

MOD - [2008.06.25 22:36:22 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll

MOD - [2008.06.25 22:34:52 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

MOD - [2008.03.25 16:45:44 | 000,111,888 | ---- | M] () -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll

MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll

MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.04.14 14:27:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.08.05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2011.08.05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2011.08.05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\GirafficWatchdog.exe -- (Giraffic)

SRV - [2010.09.23 02:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010.09.22 18:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)

SRV - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)

SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)

SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012.04.25 18:07:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A72E02D-2751-48E7-846E-388A3811565E}\MpKsl4324bb58.sys -- (MpKsl4324bb58)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009.07.21 23:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)

DRV - [2008.07.08 12:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008.05.14 04:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008.05.02 15:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008.03.07 14:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV - [2007.07.09 16:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)

DRV - [2007.06.26 15:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)

DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007.06.14 16:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)

DRV - [2007.06.13 21:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)

DRV - [2007.03.30 15:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)

DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 17:55:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.25 17:38:28 | 000,000,000 | ---D | M]

 

[2012.04.25 17:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions

[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions

[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012.04.25 17:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions

[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.11.05 09:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.04.25 17:32:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}

CHR - default_search_provider: suggest_url = 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.25 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Mozilla

[2012.04.25 17:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.04.25 17:32:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.04.25 17:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.04.25 16:05:30 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs

[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes

[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}

[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.25 18:14:23 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.25 18:14:23 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.25 18:14:23 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.25 18:14:23 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.25 18:13:03 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012.04.25 18:07:26 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.04.25 18:07:26 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.25 18:07:26 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.25 18:07:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.25 18:07:14 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.25 18:06:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.04.25 17:55:27 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.25 17:32:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.04.25 17:32:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.04.25 17:32:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012.04.25 17:32:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.04.25 17:27:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.25 15:56:25 | 000,386,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.04.25 13:09:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012.04.24 19:08:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.04.25 17:55:27 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.25 17:55:27 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.25 13:09:39 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys

[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk

[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk

[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk

[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk

[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk

[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk

[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk

[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk

[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk

[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz

[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg

[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg

[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk

[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd

 
 ========== LOP Check ==========

 

[2011.05.30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\1&1 Mail & Media GmbH

[2011.07.06 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Diercke Globus Online

[2011.11.04 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\EndNote

[2009.09.28 20:04:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Flood Light Games

[2010.09.17 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\OpenCandy

[2009.09.29 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Pirateville

[2010.11.06 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ProtectDISC

[2011.05.23 12:00:32 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Template

[2011.06.24 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\V-Games

[2010.08.10 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Vodafone

[2008.10.30 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WildTangent

[2012.04.25 18:06:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extras.Txt-log-file:

Code:

OTL Extras logfile created on: 25.04.2012 18:16:14 - Run 3

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,71% Memory free

6,19 Gb Paging File | 4,86 Gb Available in Paging File | 78,45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 16,19 Gb Free Space | 5,60% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 

"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 

"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 

"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 

"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 

"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 

"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 

"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 

"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 

"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 

"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{87157B1B-4F23-442B-B89A-A805D28F8486}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 

"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety

"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2

"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support

"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server

"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe SVG Viewer" = Adobe SVG Viewer

"AIM_6" = AIM

"CCleaner" = CCleaner

"Chromas" = Chromas

"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8

"Der Hummelfluch" = W&G - Der Hummelfluch

"Der Stein der Weisen" = Der Stein der Weisen

"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging

"GENtle" = GENtle

"Giraffic" = Giraffic Video Accelerator

"Google Chrome" = Google Chrome

"Holly im Wunderland" = Holly im Wunderland

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HPLaserJetP3005" = HP LaserJet P3005

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Jump Jack" = Jump Jack

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)

"NVIDIA Drivers" = NVIDIA Drivers

"Peggle Deluxe 1.03" = Peggle Deluxe 1.03

"PirateVille" = PirateVille

"PROPLUS" = Microsoft Office Professional Plus 2007

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"Schlag den Raab_is1" = Schlag den Raab

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"ST6UNST #1" = pDRAW32

"SuperTux_is1" = SuperTux 0.1.3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Urlaub Unter Tage" = W&G - Urlaub Unter Tage

"WildTangent hp Master Uninstall" = My HP Games

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.2.8

"Xvid_is1" = Xvid 1.1.3 final uninstall

"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space

"Zune" = Zune

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 25.04.2012 10:46:45 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.04.2012 10:53:12 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 25.04.2012 10:54:23 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 25.04.2012 11:01:49 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.04.2012 11:17:01 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 25.04.2012 11:20:34 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 25.04.2012 11:24:02 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.04.2012 11:31:14 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 25.04.2012 12:08:35 | Computer Name = Nina-PC | Source = Windows Search Service | ID = 3024

Description = 

 

Error - 25.04.2012 12:08:55 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

[ Media Center Events ]

Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0

Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 

'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

 

[ OSession Events ]

Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729

 seconds with 360 seconds of active time.  This session ended with a crash.

 

Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452

 seconds with 2220 seconds of active time.  This session ended with a crash.

 

Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502

 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639

 seconds with 240 seconds of active time.  This session ended with a crash.

 

Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681

 seconds with 3660 seconds of active time.  This session ended with a crash.

 

Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718

 seconds with 1860 seconds of active time.  This session ended with a crash.

 

Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146

 seconds with 5580 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 25.04.2012 07:24:56 | Computer Name = Nina-PC | Source = netbt | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 141.40.145.242  registriert werden. Der Computer mit IP-Adresse 141.40.145.194

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 25.04.2012 08:32:46 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.04.2012 09:52:13 | Computer Name = Nina-PC | Source = netbt | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 141.40.145.242  registriert werden. Der Computer mit IP-Adresse 141.40.145.194

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 25.04.2012 09:57:03 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.04.2012 10:05:31 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7034

Description = 

 

Error - 25.04.2012 10:08:03 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.04.2012 10:46:46 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.04.2012 11:01:49 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.04.2012 11:24:02 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.04.2012 12:08:56 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

 

< End of report >

Weitere Resultate gleich...

Hallo Kira,

zu Punkt 16:
Gmer wurde heruntergeladen und ausgeführt, aber nicht als Administrator. Währenddessen erschien folgende Nachricht:
Gmer.exe funktioniert nicht mehr
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
Sollte der Scan jetzt trotzdem nochmal, aber diesmal richtig, d.h. als Administrator ausgeführt werden?

Viele Grüße!

Chrissi25

30.04.2012 13:29

Hallo Kira,

hier noch zu Punkt 17:
log-file von mbr.exe:

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net

Windows 6.0.6002 Disk: WDC_WD3200BEVT-60ZCT0 rev.12.01A12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 
 

device: opened successfully

user: MBR read successfully
 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys 

C:\Windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Company Mobile Data Protection System

1 ntkrnlpa!IofCallDriver[0x8244A912] -> \Device\Harddisk0\DR0[0x8679E1E8]

3 CLASSPNP[0x82A098B3] -> ntkrnlpa!IofCallDriver[0x8244A912] -> [0x8679E8B0]

5 hpdskflt[0x8B7B0F92] -> ntkrnlpa!IofCallDriver[0x8244A912] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85F93B98]

kernel: MBR read successfully

user & kernel MBR OK

Viele Grüße!

kira	30.04.2012 15:15

Systemreinigung und Prüfung:

1.

Zitat:

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

:OTL

PRC - [2011.04.06 13:47:16 | 002,644,992 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe

MOD - [2011.03.17 15:14:08 | 001,283,584 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll

MOD - [2011.03.17 15:14:08 | 000,232,960 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll

MOD - [2011.03.17 15:14:06 | 010,836,480 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll

MOD - [2011.03.17 15:14:06 | 008,273,408 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll

MOD - [2011.03.17 15:14:06 | 002,286,592 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll

MOD - [2011.03.17 15:14:06 | 000,805,888 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll

MOD - [2011.03.17 15:14:02 | 000,120,320 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll

MOD - [2011.03.17 15:14:02 | 000,022,016 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll

SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - user.js - File not found

[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
 

:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" =

"{87157B1B-4F23-442B-B89A-A805D28F8486}" =-

"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" =-

"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" =-
 

:Files

C:\Users\Public\Desktop\Trojan Killer.lnk

C:\ProgramData\EwxRa6k2hb2uaz

C:\Users\Nina\Desktop\SMART_HDD.lnk

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?
-> Verwalten von Add-Ons in Internet Explorer

3.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

6.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

7.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Chrissi25

02.05.2012 15:28

Hallo Kira,

hier die weiteren Fortschritte.

Zu Punkt 1:
Wurde durchgeführt, allerdings habe ich vergessen, das log-file gleich zu posten. Habe es zwar gespeichert, aber als REG-Datei. Darf man diese unbesorgt öffnen, ohne damit Schäden zu verusachen, damit ich dir das log-file nochmal zuschicken kann?

Zu Punkt 3:
System wurde sowohl gescannt wie auch bereinigt und anschließend neu gestartet.

Zu Punkt 4:
SUPERAntiSpyware FREE Edition wurde heruntergeladen und ausgeführt. Hier das Protokoll des Scans:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 05/02/2012 at 03:36 PM
 

Application Version : 5.0.1148
 

Core Rules Database Version : 8541

Trace Rules Database Version: 6353
 

Scan type       : Complete Scan

Total Scan Time : 01:19:34
 

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Limited User (Administrator User)
 

Memory items scanned      : 703

Memory threats detected   : 0

Registry items scanned    : 35879

Registry threats detected : 0

File items scanned        : 70160

File threats detected     : 5
 

Adware.Tracking Cookie

        C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3GBME0R3.txt [ Cookie:nina@ad3.adfarm1.adition.com/ ]

        C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\96PBO8Q0.txt [ Cookie:nina@4stats.de/ ]

        C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UV20UMOA.txt [ Cookie:nina@apmebf.com/ ]

        C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PF2YCVT0.txt [ Cookie:nina@adfarm1.adition.com/ ]
 

Heur.Agent/Gen-FakeIE

        C:\WINDOWS\INSTALLER\{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}\ICON7F6F58CF.EXE

Leider war die Durchführung nicht genau so wie in deiner Anleitung beschrieben, ich hoffe, dass dieses log-file das Richtige ist.

Zu Punkt 5:
Ich habe seit längerer Zeit keine externen Datenträger verwendet, daher habe ich diesen Punkt nicht durchgeführt.

Werde das System jetzt nochmal neu starten und danach bei Punkt 6 fortfahren.

Viele Grüße!

Chrissi25

03.05.2012 15:48

Hallo Kira,

nun die weiteren Ergebnisse.

Zu Punkt 6:
Habe den Scan mit dem Eset Online Scanner durchgeführt und anschließend die gefundenen Infektionen entfernen lassen. Hier das log-file (ich hoffe es ist das Richtige; es sind die vom Programm aufgelisteten Funde, die ich als txt-file exportieren habe lassen; unter C:/Programme/EsetOnlineScanner/log.txt konnte ich eine derartige Datei leider nicht finden)

Code:

C:\Program Files\ReviverSoft\Registry Reviver\SetUp.exe        a variant of Win32/SlowPCfighter application        cleaned by deleting - quarantined

C:\Users\Nina\AppData\Roaming\OpenCandy\OpenCandy_1E5616BAC19B4CD0BEAB9EAA9B2EEBCC\p1v1_PPIRegistryReviver_w.exe        a variant of Win32/SlowPCfighter application        deleted - quarantined

C:\Users\Nina\AppData\Roaming\OpenCandy\OpenCandy_1E5616BAC19B4CD0BEAB9EAA9B2EEBCC\PPIRegistryReviverSetup.exe        a variant of Win32/SlowPCfighter application        cleaned by deleting - quarantined

C:\Users\Nina\Videos\Veoh\VeohWebPlayerSetup_eng.exe        a variant of Win32/Toolbar.Zugo application        deleted - quarantined

Nun noch der OTL-Scan, die Ergebnisse kommen gleich!

Hallo Kira,

hier die Ergebnisse des OTL-Scans.

Zu Punkt 7:

OTL-log-file:

Code:

OTL logfile created on: 03.05.2012 16:50:00 - Run 4

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 36,48% Memory free

6,19 Gb Paging File | 3,92 Gb Available in Paging File | 63,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 15,10 Gb Free Space | 5,22% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.01 18:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

PRC - [2012.04.13 22:27:15 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2012.03.26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MpCmdRun.exe

PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe

PRC - [2012.02.27 18:07:41 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe

PRC - [2011.08.05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe

PRC - [2011.08.03 19:18:02 | 012,997,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE

PRC - [2011.05.27 12:00:24 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe

PRC - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe

PRC - [2011.03.08 17:04:38 | 003,711,104 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Giraffic.exe

PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

PRC - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2010.09.21 16:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.07.21 23:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe

PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe

PRC - [2009.02.26 16:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe

PRC - [2008.03.25 16:45:38 | 000,603,408 | ---- | M] (Avid Development GmbH) -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe

PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2007.11.07 13:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe

PRC - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.05.03 12:38:08 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012.05.03 12:38:08 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012.05.02 14:13:51 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012.05.02 14:13:51 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

MOD - [2008.06.25 22:36:26 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll

MOD - [2008.06.25 22:36:26 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll

MOD - [2008.06.25 22:36:26 | 000,038,184 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll

MOD - [2008.06.25 22:36:22 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll

MOD - [2008.06.25 22:34:52 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

MOD - [2008.03.25 16:45:44 | 000,111,888 | ---- | M] () -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll

MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll

MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.04.14 14:27:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011.08.05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2011.08.05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2011.08.05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\GirafficWatchdog.exe -- (Giraffic)

SRV - [2010.09.23 02:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010.09.22 18:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)

SRV - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)

SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009.07.21 23:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)

DRV - [2008.07.08 12:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008.05.14 04:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008.05.02 15:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008.03.07 14:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV - [2007.07.09 16:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)

DRV - [2007.06.26 15:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)

DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007.06.14 16:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)

DRV - [2007.06.13 21:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)

DRV - [2007.03.30 15:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)

DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\..\SearchScopes,DefaultScope = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 17:55:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.25 17:38:28 | 000,000,000 | ---D | M]

 

[2012.04.25 17:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions

[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions

[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012.04.25 17:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012.05.02 13:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions

[2011.11.05 09:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.04.25 17:32:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}

CHR - default_search_provider: suggest_url = 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.02 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.05.02 14:13:36 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\SUPERAntiSpyware.com

[2012.05.02 14:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012.05.02 14:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.05.02 14:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012.04.30 14:20:32 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\gmer

[2012.04.25 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\gmer_gmer.exe

[2012.04.25 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Mozilla

[2012.04.25 17:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.04.25 17:32:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.04.25 17:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.04.25 16:05:30 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs

[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes

[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.03 16:36:35 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.03 16:36:35 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.03 16:27:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.03 12:41:14 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.03 12:41:14 | 000,596,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.03 12:41:14 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.03 12:41:14 | 000,103,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.03 12:37:08 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012.05.03 12:36:45 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.05.03 12:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.03 12:36:34 | 3215,982,592 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.02 21:56:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.05.02 14:12:36 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.04.30 14:18:52 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe

[2012.04.25 18:29:13 | 000,294,216 | ---- | M] () -- C:\Users\Nina\Desktop\gmer.zip

[2012.04.25 17:55:27 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.25 17:32:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.04.25 17:32:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.04.25 17:32:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012.04.25 17:32:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.04.25 15:56:25 | 000,386,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.04.25 13:09:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012.04.24 19:08:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe

[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2012.05.02 14:12:36 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.04.30 14:18:51 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe

[2012.04.25 18:29:13 | 000,294,216 | ---- | C] () -- C:\Users\Nina\Desktop\gmer.zip

[2012.04.25 17:55:27 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.25 17:55:27 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.25 13:09:39 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.18 21:25:22 | 3215,982,592 | -HS- | C] () -- C:\hiberfil.sys

[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk

[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk

[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk

[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk

[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk

[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk

[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk

[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk

[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd

 
 ========== LOP Check ==========

 

[2011.05.30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\1&1 Mail & Media GmbH

[2011.07.06 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Diercke Globus Online

[2011.11.04 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\EndNote

[2009.09.28 20:04:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Flood Light Games

[2010.09.17 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\OpenCandy

[2009.09.29 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Pirateville

[2010.11.06 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ProtectDISC

[2011.05.23 12:00:32 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Template

[2011.06.24 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\V-Games

[2010.08.10 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Vodafone

[2008.10.30 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WildTangent

[2012.05.02 21:56:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extras-log-file:

Code:

OTL Extras logfile created on: 03.05.2012 16:50:00 - Run 4

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 36,48% Memory free

6,19 Gb Paging File | 3,92 Gb Available in Paging File | 63,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,06 Gb Total Space | 15,10 Gb Free Space | 5,22% Space Free | Partition Type: NTFS

Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS

 

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 

"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 

"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 

"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 

"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 

"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 

"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 

"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 

"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 

"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 

"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 

"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 

"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 

"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 

"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety

"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2

"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support

"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server

"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe SVG Viewer" = Adobe SVG Viewer

"AIM_6" = AIM

"CCleaner" = CCleaner

"Chromas" = Chromas

"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8

"Der Hummelfluch" = W&G - Der Hummelfluch

"Der Stein der Weisen" = Der Stein der Weisen

"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging

"GENtle" = GENtle

"Giraffic" = Giraffic Video Accelerator

"Google Chrome" = Google Chrome

"Holly im Wunderland" = Holly im Wunderland

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HPLaserJetP3005" = HP LaserJet P3005

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Jump Jack" = Jump Jack

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)

"NVIDIA Drivers" = NVIDIA Drivers

"Peggle Deluxe 1.03" = Peggle Deluxe 1.03

"PirateVille" = PirateVille

"PROPLUS" = Microsoft Office Professional Plus 2007

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"Schlag den Raab_is1" = Schlag den Raab

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"ST6UNST #1" = pDRAW32

"SuperTux_is1" = SuperTux 0.1.3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Urlaub Unter Tage" = W&G - Urlaub Unter Tage

"WildTangent hp Master Uninstall" = My HP Games

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.2.8

"Xvid_is1" = Xvid 1.1.3 final uninstall

"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space

"Zune" = Zune

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 30.04.2012 08:14:31 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 30.04.2012 14:24:23 | Computer Name = Nina-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel

 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0x8f4, Anwendungsstartzeit

 01cd26c94907f102.

 

Error - 02.05.2012 07:04:47 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 07:20:02 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 08:02:29 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 08:12:03 | Computer Name = Nina-PC | Source = Windows Backup | ID = 4103

Description = 

 

Error - 02.05.2012 08:12:42 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

Error - 02.05.2012 10:32:00 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 03.05.2012 06:37:11 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 03.05.2012 09:58:21 | Computer Name = Nina-PC | Source = VSS | ID = 8193

Description = 

 

[ Media Center Events ]

Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0

Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 

'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

 

[ OSession Events ]

Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729

 seconds with 360 seconds of active time.  This session ended with a crash.

 

Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452

 seconds with 2220 seconds of active time.  This session ended with a crash.

 

Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502

 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639

 seconds with 240 seconds of active time.  This session ended with a crash.

 

Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681

 seconds with 3660 seconds of active time.  This session ended with a crash.

 

Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718

 seconds with 1860 seconds of active time.  This session ended with a crash.

 

Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146

 seconds with 5580 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 02.05.2012 07:33:00 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.125.815.0     Aktualisierungsquelle: %%859
 

        Aktualisierungsphase:

 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803
 

        Benutzer:

 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8304.0     Fehlercode:

 0x80240022     Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen

 ist nicht möglich. 

 

Error - 02.05.2012 07:33:00 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.125.815.0     Aktualisierungsquelle: %%859
 

        Aktualisierungsphase:

 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803
 

        Benutzer:

 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8304.0     Fehlercode:

 0x80240022     Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen

 ist nicht möglich. 

 

Error - 02.05.2012 08:02:30 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 02.05.2012 08:02:30 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024

Description = 

 

Error - 02.05.2012 10:32:00 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 02.05.2012 10:32:00 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024

Description = 

 

Error - 03.05.2012 06:37:11 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 03.05.2012 06:37:11 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024

Description = 

 

Error - 03.05.2012 10:38:14 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024

Description = 

 

Error - 03.05.2012 10:38:26 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024

Description = 

 

 

< End of report >

Viele Grüße!

Alle Zeitangaben in WEZ +1. Es ist jetzt 09:59 Uhr.

Seite 1 von 3

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19