Hello,
So OTL ran through without any problems. Here are the logs
OTLTxt Code:
OTL logfile created on: 06.12.2009 21:46:12 - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Users\Eifel-Kaffee 2\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1021,32 Mb Total Physical Memory | 491,20 Mb Available Physical Memory | 48,10% Memory free
2,25 Gb Paging File | 1,50 Gb Available in Paging File | 66,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 44,20 Gb Free Space | 59,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSHIBA
Current User Name: Eifel-Kaffee 2
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
PRC - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.07.02 13:29:14 | 00,161,080 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2009.07.02 13:28:18 | 00,132,408 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe
PRC - [2009.07.02 13:27:30 | 00,267,576 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.09 09:26:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2008.08.14 10:40:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008.08.14 10:40:36 | 01,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008.08.14 10:14:20 | 00,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008.07.11 13:22:56 | 00,251,184 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2008.02.02 02:20:34 | 00,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
PRC - [2008.01.18 23:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2006.10.31 21:40:16 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
========== Modules (SafeList) ==========
MOD - [2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.10.30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.02 13:29:14 | 00,161,080 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2009.07.02 13:28:18 | 00,132,408 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2009.07.02 13:27:30 | 00,267,576 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2009.06.05 19:11:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e60912df045e) Google Update Service (gupdate1c9e60912df045e)
SRV - [2009.06.05 19:10:57 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.09 09:26:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.02.09 09:26:02 | 00,360,192 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.12.11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.11.04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.07.11 13:22:56 | 00,251,184 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008.02.02 02:20:34 | 00,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2008.01.18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 19:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008.01.16 19:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007.11.06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007.11.06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007.10.14 21:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007.06.29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007.06.27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.05.31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.31 21:40:16 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.1und1.de/?__rd=ac170c22xtxW8xC9yO8OVP97HK2fqJ2X&origin[site]=MX.EUE.DE&origin[page]=index&ucuoId=MX.EUE.DE-20090603131513-ac170c57ItANZhiKpcylKQjev0Cg9FOO-S1"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.4.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..keyword.URL: "http://www.ask.com/web?&o=13048&l=dis&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.03 07:29:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.06 16:29:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.07 07:48:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.21 22:26:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.11.27 22:48:58 | 00,000,000 | ---D | M]
[2008.10.27 08:32:37 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Extensions
[2009.12.06 18:10:46 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions
[2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2009.08.08 21:55:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.11.30 09:01:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\fb_add_on@avm.de
[2009.02.21 12:48:32 | 00,001,632 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Mozilla\FireFox\Profiles\myz50cwr.default\searchplugins\live-search.xml
[2009.12.06 18:10:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.09 06:45:22 | 00,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.09 06:45:22 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.09 06:45:22 | 00,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.10 20:00:40 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.09 06:45:22 | 00,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: (743 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{877d5d91-b154-11dd-8dd3-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{877d5d91-b154-11dd-8dd3-00a0d130cf35}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a56b087e-7b62-11de-8502-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{a56b087e-7b62-11de-8502-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{a56b08c2-7b62-11de-8502-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{a56b08c2-7b62-11de-8502-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef388-7f4e-11de-804d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef388-7f4e-11de-804d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3e4-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3e4-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3e6-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3e6-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3f1-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3f1-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3f3-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3f3-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3fd-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3fd-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef422-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef422-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.10.28 11:15:47 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 14 Days ==========
[2009.12.06 21:44:51 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
[2009.12.06 20:25:21 | 00,000,000 | --SD | C] -- C:\cf
[2009.12.06 18:20:51 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Local\Threat Expert
[2009.12.06 16:30:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009.12.06 16:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009.12.06 16:29:14 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009.12.06 16:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009.12.06 15:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.12.06 08:41:28 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\MozBackup
[2009.12.06 08:33:38 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.12.05 21:27:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009.12.05 21:27:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009.12.05 21:27:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009.12.05 21:27:52 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009.12.05 08:53:55 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2009.12.05 08:53:55 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2009.12.05 08:53:55 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2009.12.05 08:52:26 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009.12.05 08:52:26 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009.12.05 08:52:20 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009.12.05 08:52:19 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009.12.05 08:51:59 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009.12.05 08:51:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\PC Tools
[2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009.12.03 21:24:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.03 21:24:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.03 19:43:07 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009.11.30 09:11:09 | 00,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll
[2009.11.30 09:11:09 | 00,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll
[2009.11.30 09:11:09 | 00,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll
[2009.11.30 09:11:09 | 00,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll
[2009.11.30 09:11:08 | 00,451,888 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2009.11.30 09:11:08 | 00,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzPort.dll
[2009.11.30 09:11:08 | 00,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzColorPort.dll
[2009.11.30 09:11:08 | 00,042,288 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\Fridru32.dll
[2009.11.30 09:11:07 | 00,000,000 | ---D | C] -- C:\ProgramData\ISDNWatch
[2009.11.30 09:11:07 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2009.11.29 21:24:43 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\ImgBurn
[2009.11.29 21:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009.11.28 16:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.11.28 10:41:24 | 00,000,000 | ---D | C] -- C:\AVZ
[2009.11.28 10:37:16 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\Desktop\Virus
[2009.11.23 20:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009.11.22 22:37:44 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Malwarebytes
[2009.11.22 22:35:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.22 22:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 14 Days ==========
[2009.12.06 21:45:07 | 03,932,160 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat
[2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
[2009.12.06 21:43:27 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll
[2009.12.06 21:40:00 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.06 21:18:20 | 00,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009.12.06 21:00:02 | 00,000,518 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.12.06 20:38:24 | 00,023,552 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll
[2009.12.06 20:35:39 | 00,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009.12.06 20:33:53 | 00,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2009.12.06 20:33:47 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.06 20:33:41 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.06 20:33:41 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.06 20:33:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.06 20:33:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.06 20:24:34 | 03,581,761 | R--- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\cf.exe
[2009.12.06 20:07:48 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.12.06 20:07:29 | 00,524,288 | -HS- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat{1b370249-9f60-11de-b589-00a0d130cf35}.TMContainer00000000000000000001.regtrans-ms
[2009.12.06 20:07:29 | 00,065,536 | -HS- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat{1b370249-9f60-11de-b589-00a0d130cf35}.TM.blf
[2009.12.06 18:47:42 | 00,000,328 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009.12.06 18:47:39 | 00,001,288 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.12.06 18:15:08 | 00,000,093 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\Viren- und Spywareschutz und Schutz vor schädlicher Software Microsoft Security Essentials.URL
[2009.12.06 16:36:06 | 02,492,046 | -H-- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\IconCache.db
[2009.12.06 15:28:04 | 00,061,056 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.12.06 09:06:53 | 00,001,604 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091206_090649.reg
[2009.12.04 19:59:35 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009.12.04 19:59:34 | 00,049,664 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 21:35:23 | 00,269,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.12.03 21:04:17 | 00,006,404 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091203_210409.reg
[2009.11.29 10:52:41 | 00,051,942 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\Kenwwod - PayPal.pdf
[2009.11.29 10:34:38 | 00,000,139 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\powernetshop.de - Detailansicht.URL
[2009.11.28 17:01:01 | 00,026,418 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091128_170050.reg
[2009.11.27 22:15:00 | 01,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.27 22:15:00 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.27 22:15:00 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.27 22:15:00 | 00,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.27 22:15:00 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.23 20:24:29 | 00,000,743 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.11.22 23:37:43 | 00,019,944 | ---- | M] () -- C:\Windows\System32\drivers\atapi(46).sys
========== Files Created - No Company Name ==========
[2009.12.06 20:23:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll
[2009.12.06 20:02:42 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009.12.06 18:58:11 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll
[2009.12.06 18:47:42 | 00,000,328 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009.12.06 18:46:03 | 00,001,288 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.12.06 18:15:08 | 00,000,093 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\Viren- und Spywareschutz und Schutz vor schädlicher Software Microsoft Security Essentials.URL
[2009.12.06 16:22:00 | 03,581,761 | R--- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\cf.exe
[2009.12.06 09:06:52 | 00,001,604 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091206_090649.reg
[2009.12.05 21:27:52 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.12.05 21:27:52 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.12.05 21:27:52 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009.12.05 21:27:52 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.12.05 08:53:57 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009.12.05 08:53:56 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2009.12.05 08:53:56 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2009.12.05 08:53:55 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2009.12.05 08:53:55 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2009.12.05 08:52:26 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009.12.05 08:52:20 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009.12.05 08:52:20 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009.12.05 08:51:59 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009.12.03 21:04:11 | 00,006,404 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091203_210409.reg
[2009.11.29 10:52:40 | 00,051,942 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\Kenwwod - PayPal.pdf
[2009.11.29 10:34:38 | 00,000,139 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\powernetshop.de - Detailansicht.URL
[2009.11.28 17:00:57 | 00,026,418 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091128_170050.reg
[2009.11.15 12:37:55 | 00,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.17 20:44:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 20:43:20 | 00,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi(46).sys
[2009.08.03 20:54:36 | 00,000,020 | ---- | C] () -- C:\Windows\tm.ini
[2009.08.03 20:49:04 | 00,130,560 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2009.07.31 07:06:03 | 00,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2009.05.01 19:41:36 | 00,000,680 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\d3d9caps.dat
[2009.03.08 08:18:28 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.08 08:14:20 | 00,288,627 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui_nav.dat
[2009.03.08 08:13:50 | 00,002,973 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui.dat
[2009.03.08 08:13:50 | 00,000,322 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui_navps.dat
[2009.03.08 08:13:50 | 00,000,097 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui.bat
[2009.02.09 20:45:57 | 00,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.12.10 19:55:10 | 00,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2008.12.10 19:53:30 | 00,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2008.12.10 19:53:18 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2008.11.07 20:16:48 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.03 20:02:36 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.11.03 18:17:40 | 00,049,664 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.30 09:49:34 | 00,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
[2008.10.30 08:00:19 | 00,001,551 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.10.26 20:46:55 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.31 16:37:00 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.08.10 14:00:52 | 00,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006.06.02 11:54:00 | 00,015,648 | ---- | C] () -- C:\Windows\UN060501.INI
[2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
========== LOP Check ==========
[2009.09.23 17:01:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\1&1
[2009.03.14 08:26:38 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\AceBIT
[2009.07.28 11:58:04 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Bytemobile
[2009.11.17 09:09:10 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FileZilla
[2009.08.25 06:51:32 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!
[2009.11.30 09:11:07 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2009.11.30 20:01:42 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\GoodSync
[2009.07.28 11:59:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\HCM Updater
[2009.08.03 20:31:17 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\hed
[2009.11.29 21:27:48 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\ImgBurn
[2009.11.12 08:11:53 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Internet-Radio Player
[2009.04.24 06:41:00 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Internetradio Player
[2009.06.03 08:00:23 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\IrfanView
[2009.11.11 09:04:39 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Lexware
[2009.12.06 08:41:28 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\MozBackup
[2009.11.15 18:49:31 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\NASNaviator2
[2009.05.21 07:49:56 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\phonostar-Player
[2009.02.08 20:32:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\RapidSolution
[2008.10.27 08:34:54 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Thunderbird
[2009.05.04 19:44:11 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Toshiba
[2009.02.09 09:01:00 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\TuneUp Software
[2008.10.27 11:01:23 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Uniblue
[2009.12.06 18:09:39 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\UseNeXT
[2008.10.27 08:19:27 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Zeon
[2009.12.06 21:00:02 | 00,000,518 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2009.12.06 20:07:51 | 00,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2008.01.18 23:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2008.01.18 23:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys
[2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008.01.18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E29ACA54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >