Tr/Agent.ruo found in C:\Windows\System32\drivers\d3dsviob.sys

Hello,

at regular intervals I get a notice from AntiVir that the trojan Tr/Agent.ruo was found. Deleting it or moving it to quarantine unfortunately does not help. The message keeps coming back, especially often in connection with opening Mozilla Firefox.

Please help! The Malware and OTL results follow right below:

Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4095

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

13.05.2010 10:41:55
mbam-log-2010-05-13 (10-41-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126303
Laufzeit: 12 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\improvedadshelper.browserwatcher (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.browserwatcher.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.pornpro_bho (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.pornpro_bho.1 (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.precachebrowserhost (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.precachebrowserhost.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{647d5a4e-78b5-53ed-7e75-1940d1dffea4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ce0a18d-6081-d104-96f7-f765c20b22f1} (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ce0a18d-6081-d104-96f7-f765c20b22f1} (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ce0a18d-6081-d104-96f7-f765c20b22f1} (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ImprovedAdsHelper (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImprovedAdsHelper (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ImprovedAdsHelper (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\drivers\d3dsviob.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\***\downloads\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ImprovedAdsHelper\uninstall.exe (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Here are the two OTL results:

1. Extras.Txt (OTL)

OTL Extras logfile created on: 13.05.2010 10:57:57 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 17,87 Gb Free Space | 25,89% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 53,61 Gb Free Space | 76,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298,02 Gb Total Space | 148,63 Gb Free Space | 49,87% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MKU-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
1.0 "{D6339BC5-BD2E-580C-0A9E-EF09B768C891}" = CCC Help Thai "{DDFA8768-E4A8-4EFA-637B-DF23DC3EFD04}" = Catalyst Control Center Localization Chinese Traditional "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF1F4246-C7DF-7C15-6BBD-211E768EB715}" = Catalyst Control Center Localization Arabic "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E481BC06-6BBB-093B-728A-C8EEB98E1E47}" = Catalyst Control Center Localization Arabic "{E5BED6AE-BEF7-8504-38DB-F881A526F5C2}" = Skins "{E6ED4B08-2382-44EB-9A61-B47DB6857D0A}" = Brother HL-2030 "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EC69E8A3-A20F-E735-968A-CE6D4E1FA857}" = CCC Help Russian "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED8EACD0-3B35-AA21-DA10-6372AB6D19CA}" = CCC Help Dutch "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.0 "{FF602681-E2E7-9FFF-9752-3B0F8E7D38F1}" = Catalyst Control Center Localization Arabic "3GP Player_is1" = 3GP Player 2007 "AC3Filter" = AC3Filter (remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "AdvancedHelper" = 
AdvancedHelper "AFPL Ghostscript 8.50" = AFPL Ghostscript 8.50 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Agere Systems Soft Modem" = Agere Systems HDA Modem "ATI Uninstaller" = ATI Uninstaller "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CCleaner" = CCleaner "Dicionário Larousse da Língua Portuguesa_is1" = Dicionário Larousse da Língua Portuguesa "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EA/LimDep" = EA/LimDep "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "Everest Poker" = Everest Poker (Remove Only) "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free PowerPoint/PPT to Pdf Converter_is1" = Free PowerPoint/PPT to Pdf Converter 5.6 "Google Updater" = Google Updater "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "JoJoThumb_is1" = JoJoThumb 2.10.2 "JoJoWall_is1" = JoJoWall 1.0.4 "LimeWire" = LimeWire 4.18.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre) "MultiTranse_is1" = MultiTranse 4.7.1 "Nvu_is1" = Nvu 1.0 "PDF Blender" = PDF Blender "PremElem20" = Adobe Premiere Elements 2.0 "PROHYBRIDR" = 2007 Microsoft Office system "ProtectDisc Driver" = ProtectDisc Helper Driver "RealPlayer 12.0" = RealPlayer "Samsung CLX-6200 Series" = Samsung 
CLX-6200 Series "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 0.9.4 "Winamp" = Winamp "WinDSL" = WinDSL "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "WordToPDF_is1" = WordToPDF 2.4 "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "pdfsam" = pdfsam ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.06.2009 08:56:14 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. Error - 24.06.2009 03:56:07 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 8313 Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert. Error - 24.06.2009 03:56:07 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. 

Error - 25.06.2009 02:57:18 | Computer Name = MKU-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OUTLOOK.EXE, Version 12.0.4518.1014, Zeitstempel 0x4542840f, fehlerhaftes Modul OUTLOOK.EXE, Version 12.0.4518.1014, Zeitstempel 0x4542840f, Ausnahmecode 0xc0000005, Fehleroffset 0x006bdd6d, Prozess-ID 0x1348, Anwendungsstartzeit 01c9f4a17f2cab80.

Error - 27.06.2009 02:15:02 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 8313
Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.

Error - 27.06.2009 02:15:02 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.

Error - 29.06.2009 07:35:21 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 8313
Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.

Error - 29.06.2009 07:35:21 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.

Error - 29.06.2009 12:28:14 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 8313
Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.

Error - 29.06.2009 12:28:14 | Computer Name = MKU-PC | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.

[ Media Center Events ]
Error - 23.03.2008 09:32:43 | Computer Name = MKU-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

Error - 17.04.2008 16:32:43 | Computer Name = MKU-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

Error - 18.10.2009 04:19:02 | Computer Name = MKU-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

[ OSession Events ]
Error - 19.04.2009 14:59:53 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.04.2009 15:00:52 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.04.2009 05:56:53 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 94687 seconds with 5580 seconds of active time. This session ended with a crash.

Error - 24.04.2009 11:19:45 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 68634 seconds with 6360 seconds of active time. This session ended with a crash.

Error - 24.04.2009 17:05:47 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15815 seconds with 2280 seconds of active time. This session ended with a crash.

Error - 25.06.2009 02:57:13 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82751 seconds with 1980 seconds of active time. This session ended with a crash.

Error - 06.08.2009 03:04:47 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 66998 seconds with 3720 seconds of active time. This session ended with a crash.

Error - 09.08.2009 03:29:26 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 260610 seconds with 10560 seconds of active time. This session ended with a crash.

Error - 04.09.2009 04:08:07 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 352266 seconds with 18000 seconds of active time. This session ended with a crash.

Error - 18.10.2009 03:41:15 | Computer Name = MKU-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 87568 seconds with 5280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12.05.2010 05:46:47 | Computer Name = MKU-PC | Source = DCOM | ID = 10010
Description =

Error - 12.05.2010 05:48:11 | Computer Name = MKU-PC | Source = DCOM | ID = 10005
Description =

Error - 12.05.2010 05:48:11 | Computer Name = MKU-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12.05.2010 05:48:11 | Computer Name = MKU-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.05.2010 02:32:40 | Computer Name = MKU-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 13.05.2010 02:36:35 | Computer Name = MKU-PC | Source = DCOM | ID = 10010
Description =

Error - 13.05.2010 02:40:42 | Computer Name = MKU-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.05.2010 02:41:04 | Computer Name = MKU-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 13.05.2010 04:47:43 | Computer Name = MKU-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.05.2010 04:47:43 | Computer Name = MKU-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

2. OTL.Txt

OTL logfile created on: 13.05.2010 10:57:57 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 17,87 Gb Free Space | 25,89% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 53,61 Gb Free Space | 76,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298,02 Gb Total Space | 148,63 Gb Free Space | 49,87% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MKU-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\JoJoWall\JoJoWall.exe (Johannes Tschebisch)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (acedrv09) -- C:\Windows\System32\drivers\acedrv09.sys (Protect Software GmbH)
DRV - (acehlp09) -- C:\Windows\System32\drivers\acehlp09.sys (Protect Software GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinDSLp) -- C:\Windows\System32\drivers\WinDSL.sys (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG)
DRV - (WinDSLa) WinDSL-Adapter (PPP-over-Ethernet) -- C:\Windows\System32\drivers\WinDSL.sys (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\SAMSUNG NOTEBOOK PC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.24 15:04:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.22 20:14:41 | 000,000,000 | ---D | M]

[2008.08.31 13:41:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.10.15 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2k0t6ax2.default\extensions
[2010.01.27 17:27:44 | 000,002,280 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2k0t6ax2.default\searchplugins\google-und-download-suche.xml
[2008.07.19 16:03:16 | 000,001,196 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2k0t6ax2.default\searchplugins\winamp-search.xml
[2010.04.22 20:15:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.22 20:15:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.12 12:38:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 12:38:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 12:38:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 12:38:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 12:38:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Play AVStation TV Scheduler] C:\Programme\Samsung\Play AVStation\TvScheduler.exe (SAMSUNG ELECTRONICS CO., LTD.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [WinDSL MTU-Adjust] C:\Windows\System32\WinDSL_MTU.exe (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoJoWall.lnk = C:\Programme\JoJoWall\JoJoWall.exe (Johannes Tschebisch) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} h**ps://notesmail.dmz.uni-wh.de/iNotes6W.cab (iNotes6 Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} h**p://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\Documents\Documents\JoJoWall.bmp O24 - Desktop BackupWallPaper: C:\Users\***\Documents\Documents\JoJoWall.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.10.24 14:30:10 | 000,000,088 | R--- | M] () - H:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{00e5d263-0c22-11de-8b2d-000000000000}\Shell\AutoRun\command - "" = wdsync.exe O33 - MountPoints2\{5cf7ef9c-2bb6-11de-96de-000000000000}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe O33 - MountPoints2\{5cf7ef9c-2bb6-11de-96de-000000000000}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe O33 - MountPoints2\{5cf7ef9c-2bb6-11de-96de-000000000000}\Shell\Open\Command - "" = AutoRun\AutoStart.exe O33 - MountPoints2\{63b03fcd-3119-11dc-9498-00137736cfe3}\Shell\AutoRun\command - "" = F:\Recycle\P-1-3-64-8794238531-8742492-9897532\Furio.exe -- File not found O33 - MountPoints2\{63b03fcd-3119-11dc-9498-00137736cfe3}\Shell\open\command - "" = F:\Recycle\P-1-3-64-8794238531-8742492-9897532\Furio.exe -- File not found O33 - MountPoints2\{8ab3dfab-0f06-11df-9116-000000000000}\Shell\AutoRun\command - "" = H:\TOSHIBA\more4you.exe -- [2009.04.20 20:24:50 | 011,548,576 | ---- | M] (TOSHIBA) O33 - MountPoints2\{aa3adebf-0667-11de-9781-000000000000}\Shell\AutoRun\command - "" = G:\d8k6hg.com -- File not found O33 - MountPoints2\{aa3adebf-0667-11de-9781-000000000000}\Shell\open\Command - "" = G:\d8k6hg.com -- File not found O33 - MountPoints2\{b2130c3c-13c1-11df-8a30-000000000000}\Shell\nvda\command - "" = nvda\nvda.exe O33 - MountPoints2\{b416f1c5-c6c6-11de-aba5-000000000000}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe -- File 
not found O33 - MountPoints2\{eae89cbf-a038-11dd-b4cc-000000000000}\Shell\AutoRun\command - "" = bjqmlc.exe O33 - MountPoints2\{eae89cbf-a038-11dd-b4cc-000000000000}\Shell\explore\Command - "" = bjqmlc.exe O33 - MountPoints2\{eae89cbf-a038-11dd-b4cc-000000000000}\Shell\open\Command - "" = bjqmlc.exe O33 - MountPoints2\{f0c30dc2-deca-11de-8ca8-839c64e3fdb3}\Shell - "" = AutoRun O33 - MountPoints2\{f0c30dc2-deca-11de-8ca8-839c64e3fdb3}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{f0c30dc8-deca-11de-8ca8-839c64e3fdb3}\Shell - "" = AutoRun O33 - MountPoints2\{f0c30dc8-deca-11de-8ca8-839c64e3fdb3}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.13 10:26:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.05.13 10:26:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.13 10:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.13 10:26:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.13 10:26:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.13 10:05:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.13 09:40:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Data [2010.05.13 09:36:11 | 002,437,632 | ---- | C] (Codejock Software) -- C:\Users\***\Desktop\ToolkitPro1211vc80U.dll [2010.05.13 09:36:10 | 001,392,640 | ---- | C] (Online Solutions) -- C:\Users\***\Desktop\osam_gui.dll [2010.05.13 09:36:10 | 001,093,632 | ---- | C] (Online Solutions) 
-- C:\Users\***\Desktop\osam_srv.dll [2010.05.13 09:36:10 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\Users\***\Desktop\mfc80u.dll [2010.05.13 09:36:10 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\***\Desktop\msvcr80.dll [2010.05.13 09:36:10 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Users\***\Desktop\msvcp80.dll [2010.05.13 09:36:10 | 000,372,736 | ---- | C] (Online Solutions) -- C:\Users\***\Desktop\osam.exe [2010.04.22 20:14:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.04.22 20:14:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.04.22 20:14:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.04.22 20:14:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.04.14 10:13:30 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 10:13:10 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 10:13:10 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 07:43:48 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.14 07:43:48 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2006.11.25 00:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.25 00:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll ========== Files - Modified Within 30 Days ========== [2010.05.13 11:04:03 | 004,194,304 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.05.13 10:53:39 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2010.05.13 10:50:06 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.05.13 10:47:24 
| 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.13 10:47:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.13 10:47:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.13 10:47:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.13 10:47:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.13 10:46:59 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys [2010.05.13 10:46:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.13 10:46:00 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.13 10:44:59 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.05.13 10:22:54 | 000,000,302 | ---- | M] () -- C:\Users\***\Documents\Documents\cc_20100513_102250.reg [2010.05.13 10:22:01 | 000,001,822 | ---- | M] () -- C:\Users\***\Documents\Documents\cc_20100513_102154.reg [2010.05.13 10:20:32 | 000,237,916 | ---- | M] () -- C:\Users\***\Documents\Documents\cc_20100513_101959.reg [2010.05.13 10:17:08 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.13 09:52:04 | 000,002,735 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Outlook 2007.lnk [2010.05.13 08:34:06 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CA4BD26E-836F-4E01-972A-10244985992E}.job [2010.05.11 21:30:07 | 000,072,192 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.11 08:02:32 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.05.09 21:17:47 | 000,736,486 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.09 21:17:47 | 
000,360,834 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.09 21:17:47 | 000,252,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.09 21:17:47 | 000,081,170 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.09 21:17:47 | 000,058,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.04 09:17:39 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.16 10:22:31 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk ========== Files Created - No Company Name ========== [2010.05.13 10:22:53 | 000,000,302 | ---- | C] () -- C:\Users\***\Documents\Documents\cc_20100513_102250.reg [2010.05.13 10:21:58 | 000,001,822 | ---- | C] () -- C:\Users\***\Documents\Documents\cc_20100513_102154.reg [2010.05.13 10:20:13 | 000,237,916 | ---- | C] () -- C:\Users\***\Documents\Documents\cc_20100513_101959.reg [2010.05.13 09:36:11 | 000,002,371 | ---- | C] () -- C:\Users\***\Desktop\Microsoft.VC80.MFC.manifest [2010.05.13 09:36:11 | 000,001,869 | ---- | C] () -- C:\Users\***\Desktop\Microsoft.VC80.CRT.manifest [2010.04.16 10:22:31 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2009.10.20 09:28:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.05 14:56:15 | 000,022,723 | ---- | C] () -- C:\Windows\System32\c620cl3.dll [2009.01.10 20:32:23 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.06.26 20:58:39 | 000,458,752 | ---- | C] () -- C:\Windows\System32\kbdqdkc.dll [2008.05.20 16:43:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.02.08 10:59:03 | 
000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.01.12 18:37:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2008.01.12 18:37:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2008.01.12 18:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll [2008.01.12 18:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll [2008.01.12 18:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll [2008.01.12 18:32:25 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2008.01.12 18:32:25 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2007.10.04 11:10:58 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.10.04 11:10:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.07.13 10:35:41 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2007.02.28 20:27:59 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2007.02.28 20:27:59 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2007.02.28 19:39:32 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.02.28 19:39:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.02.16 02:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.30 03:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.21 23:43:46 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.09 20:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2001.11.14 22:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > |
Hello and :hallo: For an Agent.ruo infection we first need an OSAM log file. Please post it. |
Hello, thanks in advance for the help! Here is the result from OSAM: Code: Report of OSAM: Autorun Manager v5.0.11926.0 |
Code: [Drivers] Have C:\Windows\system32\drivers\d3dsviob.sys analyzed at https://www.virustotal.com and post the result link. |
but I have something for you hxxp://forum.avira.de/wbb/index.php?page=Thread&postID=930501 |
What good is that thread supposed to do him? We are already cleaning up here! :confused: |
I have done the deactivation in OSAM. Afterwards the file was no longer present, so I cannot have it analyzed. Here is the new log: Code: Report of OSAM: Autorun Manager v5.0.11926.0 |
Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs. Remember to update both tools before the scan!! |
Hi, I did both. During each of the scan runs I got the virus alert from AVIRA once. So the virus still seems to be there. Here are the results: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4137 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 24.05.2010 18:42:33 mbam-log-2010-05-24 (18-42-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|) Durchsuchte Objekte: 398389 Laufzeit: 3 Stunde(n), 33 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: D:\Adobe CS4\Adobe CS4\Crack\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 05/25/2010 at 02:39 AM Application Version : 4.37.1000 Core Rules Database Version : 4977 Trace Rules Database Version: 2789 Scan type : Complete Scan Total Scan Time : 06:57:09 Memory items scanned : 833 Memory threats detected : 0 Registry items scanned : 8592 Registry threats detected : 0 File items scanned : 279096 File threats detected : 0 |
Quote:
The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board. For you it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this dubious software not infrequently also contains keyloggers and backdoor functions. After that, never touch anything like that again! |