| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Update TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.07.2012, 12:51
| #1 |
| |  Windows Update Trojaner ein Hallo an alle in der community. Habe immer noch ein Problem mit dem Verschlüsselungstrojaner. Mein Sohn hat sich den auf seinem rechner eingefangen, nachdem er eine zip-datei geöffnet hatte (irgend so ein minecraft-skin oder sowas)  hab das vor zwei wochen schon entfernt, mit malware-bytes, ging auch prima, obwohl ich Depp mich nicht an die Anweisungen hier gehalten habe, sondern die Funde gleich hab löschen lassen. Dachte, damit sei es getan. Die Aufforderung zur zahlung kommt auch nicht mehr, habe dann mühsam mit Shadow-Explorer alle verschlüsselten Dateien wieder zurück kopiert. Ein paar Tage später sind alle dateien wieder verschlüsselt, es kommt zwar nicht die aufforderung, zu zahlen, man kann den rechner normal nutzen, nur die dateien sind wieder futsch. Hab jetzt Malwarebytes nochmal drüber laufen lassen, der findet aber nix. lediglich avira hat angeschlagen und mir folgende Meldung gebracht: [FUND] Ist das Trojanische Pferd TR/Matsnu.EB.31 und hat diesen fund bereinigt. Was kann ich tun, damit ich die dateien dauerhaft wieder herstellen kann? MIt shadowexplorer geht es ja, nur bringt das nix, wenn ein paar tage später wieder alles verschlüsselt ist.Danke schon mal für alle hilfreichen tipps im voraus. Gruß Uwe Hier jetzt die otl.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 08.07.2012 18:53:49 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Marc\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,56 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 66,65% Memory free 7,12 Gb Paging File | 5,88 Gb Available in Paging File | 82,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 161,94 Gb Free Space | 69,57% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Marc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.08 18:53:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe PRC - [2012.07.08 18:51:54 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2012.05.21 16:30:24 | 000,935,480 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.10 05:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.02.10 05:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.11.07 21:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe PRC - [2011.11.07 21:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe PRC - [2011.07.01 11:39:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 14:18:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Programme\ShadowExplorer\sesvc.exe PRC - [2010.11.05 20:31:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.09 14:44:20 | 000,713,032 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe ========== Modules (No Company Name) ========== MOD - [2012.07.08 18:51:54 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.02.27 18:17:40 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\ProgramData\IBUpdaterService\ibsvc.exe /SERVICE -- (IBUpdaterService) SRV - [2012.07.08 18:51:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.21 16:30:24 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.11.07 21:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2011.11.07 21:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2011.07.01 11:39:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 14:18:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Programme\ShadowExplorer\sesvc.exe -- (sesvc) SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.06 03:44:03 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex) SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.) DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.02.10 06:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.11.10 19:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV - [2011.07.01 11:39:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 11:39:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.10.25 19:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2003.11.14 10:38:32 | 000,183,680 | ---- | M] (D-Link. All Rights Reserved.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETDLWL.sys -- (NETDLWL) D-Link Air Wireless Adapter(DL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={24D37CD6-7170-4586-B0FA-1D8C221395F2}&mid=f298667c21564c9593c0d71952b4a87f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=dw011&pr=sa&d=2012-05-21 16:30:26&v=11.1.0.7&sap=hp IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100346&babsrc=SP_ss&mntrId=008a1226000000000000001195290246 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={24D37CD6-7170-4586-B0FA-1D8C221395F2}&mid=f298667c21564c9593c0d71952b4a87f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=dw011&pr=sa&d=2012-05-21 16:30:26&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.7 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.45.0 FF - prefs.js..extensions.enabledItems: webbooster@iminent.com:4.22.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.25 15:03:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 17:57:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.08 18:51:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 14:27:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 17:57:49 | 000,000,000 | ---D | M] [2009.10.08 12:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions [2012.07.08 18:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions [2011.01.16 13:22:19 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2012.07.08 18:52:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.08 17:55:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.02 21:58:17 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2010.08.17 20:27:17 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011.11.29 15:22:55 | 000,002,270 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\1u47sd1b.default\searchplugins\SearchTheWeb.xml [2012.06.16 14:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.16 19:14:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.02 21:58:17 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com [2011.12.02 21:58:17 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\WEBBOOSTER@IMINENT.COM [2012.07.08 18:51:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.07.08 18:51:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.21 16:30:22 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.16 10:35:28 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.07.08 18:51:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.08 18:51:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.02.10 16:08:27 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.07.08 18:51:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.10 12:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml [2012.07.08 18:51:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.08 18:51:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.17 17:23:16 | 000,000,852 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 74.208.10.249 gs.apple.com O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [wyat.exe] C:\Users\Marc\AppData\Roaming\Yqwez\wyat.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA3E22A-FDCD-4A04-A6F4-91DDB2A5C842}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2e2ea98a-c146-11de-82d5-001195290246}\Shell - "" = AutoRun O33 - MountPoints2\{2e2ea98a-c146-11de-82d5-001195290246}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{2e2ea9c4-c146-11de-82d5-001195290246}\Shell - "" = AutoRun O33 - MountPoints2\{2e2ea9c4-c146-11de-82d5-001195290246}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.08 18:53:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe [2012.07.08 18:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.07.08 18:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012.07.08 14:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.07.08 14:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.07.08 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.08 13:21:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.08 13:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.25 15:07:15 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes [2012.06.25 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\Lllliii [2012.06.24 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012.06.24 18:14:37 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\HP [2012.06.24 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\HP [2012.06.24 17:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012.06.24 17:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.06.24 17:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012.06.24 17:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2012.06.24 17:55:21 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z [2012.06.24 17:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.06.24 17:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.06.24 15:23:37 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\.techniclauncher [2012.06.23 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.06.23 17:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer [2012.06.23 17:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.22 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Aavvvveeee [2012.06.16 14:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.16 14:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.06.16 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\My Videos [2012.06.16 13:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2012.06.16 13:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec [2012.06.16 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\SelfMV [2012.06.16 12:14:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup [2012.06.16 12:14:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup\0200110.014 [2012.06.16 12:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup [2012.06.16 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup [2012.06.16 12:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.06.16 12:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.06.16 12:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2012.06.16 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Samsung [2012.06.16 11:27:49 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\samsung [2012.06.16 11:25:59 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys [2012.06.16 11:25:59 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.06.16 11:25:59 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.06.16 11:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.06.16 11:24:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.06.16 11:24:36 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012.06.16 11:05:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.16 11:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverBoost [2012.06.16 10:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2012.06.16 10:34:37 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Babylon [2012.06.16 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Babylon [2012.06.16 10:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.06.16 10:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2006.11.20 10:01:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\AMCap.exe [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.08 18:53:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe [2012.07.08 18:49:54 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.07.08 18:49:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.08 18:49:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.08 18:49:08 | 2868,191,232 | -HS- | M] () -- C:\hiberfil.sys [2012.07.08 18:48:04 | 000,000,020 | ---- | M] () -- C:\Users\Marc\defogger_reenable [2012.07.08 18:47:06 | 000,050,477 | ---- | M] () -- C:\Users\Marc\Desktop\Defogger.exe [2012.07.08 18:16:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.08 13:26:38 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.08 13:26:38 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.08 13:21:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.08 13:12:25 | 000,001,309 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012.06.24 18:14:40 | 000,002,164 | ---- | M] () -- C:\ProgramData\xxoooEfffVjjjAttss [2012.06.24 18:14:39 | 000,241,192 | ---- | M] () -- C:\Windows\hpwins28.dat [2012.06.24 18:10:26 | 000,339,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.24 17:56:21 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.06.24 14:48:38 | 000,052,736 | ---- | M] () -- C:\Users\Marc\Desktop\OODDDDQQQQTTTarrrNsss [2012.06.23 20:11:45 | 000,946,352 | ---- | M] () -- C:\Users\Marc\Desktop\pXXgggglDDDuuuuaT [2012.06.23 20:08:12 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Outlook 2007.lnk [2012.06.20 13:41:05 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.20 13:41:05 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.20 13:41:05 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.20 13:41:05 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.16 11:29:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.06.16 11:27:43 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.06.16 10:35:32 | 000,000,474 | ---- | M] () -- C:\XpXOgOgesesJvvJa [2012.06.12 16:15:54 | 000,001,608 | ---- | M] () -- C:\Users\Marc\Desktop\TaTrNNNseesJJJJXX [2012.06.10 12:56:21 | 000,690,289 | ---- | M] () -- C:\Users\Marc\Desktop\VEEEEttttAAjjU [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.08 18:49:54 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.07.08 18:47:17 | 000,000,020 | ---- | C] () -- C:\Users\Marc\defogger_reenable [2012.07.08 18:47:05 | 000,050,477 | ---- | C] () -- C:\Users\Marc\Desktop\Defogger.exe [2012.07.08 13:21:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 18:12:47 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp [2012.06.24 17:57:12 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2012.06.24 17:56:51 | 000,001,309 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012.06.24 17:56:21 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.06.24 17:54:10 | 000,241,192 | ---- | C] () -- C:\Windows\hpwins28.dat [2012.06.24 17:54:10 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2012.06.23 20:08:12 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Outlook 2007.lnk [2012.06.16 14:27:06 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.16 12:14:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NortonPCCheckup\0200110.014\isolate.ini [2012.06.16 11:29:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.06.16 11:27:43 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.05.21 16:29:37 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe [2012.05.21 16:29:37 | 000,106,879 | ---- | C] () -- C:\Windows\unins000.dat [2012.05.12 21:01:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll [2012.05.05 20:35:04 | 000,004,608 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.23 19:16:31 | 002,497,985 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.10.01 09:25:24 | 000,138,056 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\PnkBstrK.sys [2010.07.11 10:34:33 | 000,117,536 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [1601.02.13 10:28:18 | 012,824,576 | ---- | C] () -- C:\ProgramData\UdddooooxxxxAjjjfff [1601.02.13 10:28:18 | 000,002,164 | ---- | C] () -- C:\ProgramData\xxoooEfffVjjjAttss [1601.02.13 10:28:18 | 000,001,456 | ---- | C] () -- C:\Users\Marc\oEEVfffAjjjtttsnnnn [1601.02.13 10:28:18 | 000,001,326 | ---- | C] () -- C:\Users\Marc\UnnnnttttjjjAV ========== LOP Check ========== [2012.06.23 21:38:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.minecraft [2012.06.25 15:01:05 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.techniclauncher [2012.06.23 20:00:59 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Aavvvveeee [2009.10.25 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ace [2012.06.16 10:34:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Babylon [2012.05.21 15:49:09 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DAEMON Tools Lite [2011.11.08 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DVDVideoSoft [2011.11.08 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.23 16:46:18 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\EAC [2012.03.24 15:46:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0 [2010.09.08 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\IObit [2012.03.08 14:30:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LOVE [2010.03.21 15:09:12 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ML [2012.03.19 20:24:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Nav [2011.03.02 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\OpenCandy [2012.03.23 20:26:16 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Paeh [2010.03.21 14:52:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PC Suite [2012.01.15 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\pymclevel [2012.06.16 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Samsung [2012.04.03 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer [2012.06.16 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Temp [2012.05.28 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TS3Client [2012.04.22 20:03:15 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ts3overlay [2010.01.06 11:00:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TuneUp Software [2012.06.20 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Usol [2010.07.10 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\uTorrent [2009.12.26 20:01:47 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\VOWSoft [2012.07.08 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Yqwez [2012.04.16 17:16:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und die extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.07.2012 18:53:49 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Marc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,56 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 66,65% Memory free
7,12 Gb Paging File | 5,88 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 161,94 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CAC1F2-6BDC-4442-81D8-39A559866D27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{052A3DCD-D595-4ADB-8A99-A74F644F74D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D876DBE-3004-48CF-9735-304D95FF07FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{114EB8E1-973C-4D97-BD18-27AAE3DF3237}" = lport=138 | protocol=17 | dir=in | app=system |
"{28209765-CA1D-4C01-B6CE-BF7E0D4C3860}" = lport=10243 | protocol=6 | dir=in | app=system |
"{36296F85-F860-4704-B154-CEB004EB2F14}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3AB5B97B-FF53-48D5-8834-526F2EB103B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46D9D26B-A36F-4FC2-9565-5E4B16E18634}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54E8FD00-7008-47EB-9C9B-6CDE0EAA8122}" = rport=137 | protocol=17 | dir=out | app=system |
"{5882A000-EF51-45BD-B013-7C31D8DB7503}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B818502-9145-4E17-9C7B-0FA3BD2CE017}" = lport=137 | protocol=17 | dir=in | app=system |
"{660ADB5D-F6EB-468B-8C78-7EF534945204}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6843EE47-F130-49D4-BBBF-4BE74565C00E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{6F0276BB-FF51-47A9-A2F2-95FAEA5B7553}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{7B584832-A4D2-4E95-88BD-F358F8C9CFB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7DDE0B88-F3BC-4881-B4CB-4A86DA407CC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F7432EA-D4B4-4FCE-B195-7796F2441631}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{85251080-AD27-48DB-9D61-F2027B5F02B1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe |
"{967288A7-DD50-44A7-A0DD-2AAC54092DC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4D64974-6BDD-4571-BFAF-EE26854FD1AB}" = rport=138 | protocol=17 | dir=out | app=system |
"{B8A16771-965F-4B82-B384-AE45BD38E19A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BEA71CB9-E99D-4FB8-B16F-12C4459F6BD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{C240DDC9-D8EB-4221-8B4D-8DC297DD2EAF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{C8D2E36B-7406-45BD-B0F6-31C6824F3694}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9CDBFFC-9E12-4EFD-A3D1-88D9383E4632}" = lport=139 | protocol=6 | dir=in | app=system |
"{D96D9569-3FDD-46BE-802A-0666DC179B15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF8E6B6C-2C28-432A-BD14-17CC59A4E5EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E4B64D37-6D64-4746-BD94-D88EC3D0572C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5B04D39-9F0F-4F95-B2C2-BFE47B8CEA46}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EBFD80AC-FE39-4C8E-A86B-6EF9B3630DCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3C1DAEE-4041-4485-90ED-F9FADCA5DD63}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCB716A4-C63C-4DC7-978F-44587ED02892}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D8611-0A3E-4863-8CAB-E56FDEE62935}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{016F7AD2-D993-4EF5-A955-729585D2CD15}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{04A7FB85-8B16-4769-93CE-20C61BEE7EEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0628A924-182C-4CEE-956C-9C521E6796C9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{081E05F7-9E80-48B8-9601-2A45DD7440A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0877954B-AB37-4469-9638-E98A8A79BF15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A7AF1D2-EBE5-4BCB-98E5-F4C5BEF9DFF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C34975E-1C00-4D9E-B7FD-A7213067E3DA}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{0D3785A2-4B1B-479B-BAF1-62D6C0265A23}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{19CFEF43-CA16-4572-B87B-7A61968FD722}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C440BDA-AC23-4086-9771-76B2DD14E1A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DDC602B-A678-4A02-8EEB-27F2163CDE77}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2450ECE2-D7BF-461C-AD16-7B2ADC7A7ECC}" = dir=in | app=c:\users\marc\appdata\roaming\caizwu\omquuv.exe |
"{27B40E8C-941D-444B-9BF0-FAFD0ABF64BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FCF5E70-A2D8-4D91-B980-66C0E61DC73F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3022927B-B3C1-4770-851D-32DD448C3D86}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{349D5E97-86F2-4579-B893-D40B1A292F31}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{34B71966-2466-4DF6-8D57-F6C2260B0E73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D01B98D-6F7F-465D-AED3-00797A71CB01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4135BAD7-3982-4AE5-8655-B9B8FD07B9BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B8E0D77-1431-4C74-B3B4-C5AFEF789AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{533E0691-6A67-44E2-B67A-AD43E0F654BB}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{58FBC19C-42B3-493C-95E8-92DAACD4CB3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{594B5D62-2060-4C79-8F4B-7E6C49ED78C3}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{59F4633A-6EF7-4CE0-9960-AD7BB1211512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A537822-0542-4D2A-BF35-96BDF9DEFB43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B4A945D-B983-434C-B1A8-12D474691266}" = dir=in | app=c:\users\marc\appdata\roaming\ukt\kaocyp.exe |
"{61689875-4EB9-4CD3-BD64-E942E7646EA8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66CE61D9-CBA1-46D7-B423-4F820A53598A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7385F193-68E2-4794-83CC-BE6DB5101F81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73FBC5A1-657F-4522-A995-979F413B8A3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BF56B93-DA53-48A9-A5AE-51BE5A6E367B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D0CFE66-89E2-4CDF-B5A6-A6BB7D511E3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D84475D-F2B9-4F20-8285-DCC4BC0EB970}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7EB7552C-7B7E-4647-9C41-F2CB89AD48BE}" = dir=in | app=c:\users\marc\appdata\local\temp\hp\oj4500vg510n-z_full_13\setup\hpznui01.exe |
"{89C1F0CD-0C78-44B1-8B63-0B13FDC6C3B8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8B2BF136-A5CB-4CC9-8750-3D24C627B7C9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe |
"{8FB2FE86-C42D-4C63-AEA8-488F13F4BFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97640F88-2FB1-4899-88D6-229139A2C094}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{9B67495A-49B4-44D3-B33E-568AC6A14900}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A123AF15-F53E-40C4-B571-5194473B6B5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A19C9B7C-5389-42D0-8AD3-D61B1E02B657}" = protocol=6 | dir=out | app=system |
"{A2083CC7-9881-4E22-A700-37B696915F2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A54F46DB-DD42-4FBA-B376-9FE4965DDDFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFCECB70-B939-4470-B5EA-F64B6F770D2E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B131EEE0-7B04-4316-843C-8922C2665DAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B21FC084-7DCC-4ACF-9671-5EFFB951C0E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9EEEF83-3B7E-4666-8DB4-2C78773F9386}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDDC63CC-FDB9-4067-97BF-620080020D1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C011A033-F2CD-4A49-B8DC-22FADBFF2BB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C41464D4-A3FE-40C2-8E8E-CE6FC2139BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1D792CC-4D24-4D93-82E4-45AAC1B2BC44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D407789A-1A14-4851-AFCF-F17B9ACBFC83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5AC5A0C-D652-495C-8D8D-7677016E87B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6F5C5EE-5E57-47C6-A5D9-7D2A08135D55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7C90040-9627-4838-AB44-152444302AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9A2FF27-6CCA-4429-A5CA-11325735B7D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2FD37C4-BE3A-408F-9D25-D334C7D68419}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{E3E4AAE2-838A-41CE-8EBE-66CD35F7AA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7CAF1DB-411C-41C2-A54C-1230B478F41C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF867302-F88F-4640-8FBA-06A7CEC36594}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F29B71ED-460F-4AB8-9485-A5EA81F2D568}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2B21985-158B-4A0F-9986-0E27812F8A82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F84EEAD8-F85F-496D-91F0-09D6171752EB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{19AAD408-A4FC-435F-96BF-081D02D24D8B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{4262856C-8EBA-4375-A845-6852341C305D}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"TCP Query User{AFE500CB-840B-4C5F-8F0B-58F5ECAB29BC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{BF14DF89-4AEC-42B4-8424-CC3EE4381AEB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D6F1AE32-0570-477C-B9ED-DA67FAF6D816}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{DE8232E4-A934-47A6-970E-9369150ACB27}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F15EA9AD-C100-4399-B8B9-63D1CA00AA5F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{074A5CAA-717D-4298-B243-5C6A389F7DAC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2010D67B-1438-4413-A404-0A50994ECBC9}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{80ED73C8-3CBC-4737-B3CE-F879E0E281E4}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{917EF290-2C5B-43F1-81BE-CA3038C730B9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{97FDA563-FFAD-4587-98CF-AA055140ED64}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EBF5095B-1C54-4EFD-9970-F0248D1AD53A}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"UDP Query User{FA164B0E-4FDD-41A3-AEE3-23A1B90E4715}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 vibration driver version 0.100
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Moozy
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"CL-Eye Driver" = CL-Eye Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iPod to Computer Transfer" = iPod to Computer Transfer 4.8.3
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Norton PC Checkup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PSP Games Classics_is1" = PSP Games Classics
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Shop for HP Supplies" = Shop for HP Supplies
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.06.2012 08:54:28 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description =
Error - 25.06.2012 09:02:28 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm java.exe, Version 6.0.200.2 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16cc Startzeit:
01cd52d293e6722d Endzeit: 113 Anwendungspfad: C:\Program Files\Java\jre6\bin\java.exe
Berichts-ID:
01aed14c-bec6-11e1-92ac-001195290246
Error - 25.06.2012 09:03:23 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ntvdm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc158 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ffff ID des fehlerhaften
Prozesses: 0x10f8 Startzeit der fehlerhaften Anwendung: 0x01cd52d2e5164210 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\ntvdm.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 245ce38a-bec6-11e1-92ac-001195290246
Error - 08.07.2012 07:15:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaca Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001609c ID des fehlerhaften
Prozesses: 0x16f8 Startzeit der fehlerhaften Anwendung: 0x01cd5cfacff71956 Pfad der
fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 32af0e7a-c8ee-11e1-9681-001195290246
Error - 08.07.2012 07:15:57 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaca Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001609c ID des fehlerhaften
Prozesses: 0x1298 Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0adc043c Pfad der
fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 4a059259-c8ee-11e1-9681-001195290246
Error - 08.07.2012 07:16:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaca Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001609c ID des fehlerhaften
Prozesses: 0x17f0 Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0e860979 Pfad der
fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 56494962-c8ee-11e1-9681-001195290246
[ System Events ]
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description =
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description =
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
Hier jetzt die gmer.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.07.2012 18:53:49 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Marc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,56 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 66,65% Memory free
7,12 Gb Paging File | 5,88 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 161,94 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CAC1F2-6BDC-4442-81D8-39A559866D27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{052A3DCD-D595-4ADB-8A99-A74F644F74D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D876DBE-3004-48CF-9735-304D95FF07FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{114EB8E1-973C-4D97-BD18-27AAE3DF3237}" = lport=138 | protocol=17 | dir=in | app=system |
"{28209765-CA1D-4C01-B6CE-BF7E0D4C3860}" = lport=10243 | protocol=6 | dir=in | app=system |
"{36296F85-F860-4704-B154-CEB004EB2F14}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3AB5B97B-FF53-48D5-8834-526F2EB103B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46D9D26B-A36F-4FC2-9565-5E4B16E18634}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54E8FD00-7008-47EB-9C9B-6CDE0EAA8122}" = rport=137 | protocol=17 | dir=out | app=system |
"{5882A000-EF51-45BD-B013-7C31D8DB7503}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B818502-9145-4E17-9C7B-0FA3BD2CE017}" = lport=137 | protocol=17 | dir=in | app=system |
"{660ADB5D-F6EB-468B-8C78-7EF534945204}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6843EE47-F130-49D4-BBBF-4BE74565C00E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{6F0276BB-FF51-47A9-A2F2-95FAEA5B7553}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{7B584832-A4D2-4E95-88BD-F358F8C9CFB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7DDE0B88-F3BC-4881-B4CB-4A86DA407CC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F7432EA-D4B4-4FCE-B195-7796F2441631}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{85251080-AD27-48DB-9D61-F2027B5F02B1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe |
"{967288A7-DD50-44A7-A0DD-2AAC54092DC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4D64974-6BDD-4571-BFAF-EE26854FD1AB}" = rport=138 | protocol=17 | dir=out | app=system |
"{B8A16771-965F-4B82-B384-AE45BD38E19A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BEA71CB9-E99D-4FB8-B16F-12C4459F6BD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{C240DDC9-D8EB-4221-8B4D-8DC297DD2EAF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{C8D2E36B-7406-45BD-B0F6-31C6824F3694}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9CDBFFC-9E12-4EFD-A3D1-88D9383E4632}" = lport=139 | protocol=6 | dir=in | app=system |
"{D96D9569-3FDD-46BE-802A-0666DC179B15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF8E6B6C-2C28-432A-BD14-17CC59A4E5EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E4B64D37-6D64-4746-BD94-D88EC3D0572C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5B04D39-9F0F-4F95-B2C2-BFE47B8CEA46}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EBFD80AC-FE39-4C8E-A86B-6EF9B3630DCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3C1DAEE-4041-4485-90ED-F9FADCA5DD63}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCB716A4-C63C-4DC7-978F-44587ED02892}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D8611-0A3E-4863-8CAB-E56FDEE62935}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{016F7AD2-D993-4EF5-A955-729585D2CD15}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{04A7FB85-8B16-4769-93CE-20C61BEE7EEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0628A924-182C-4CEE-956C-9C521E6796C9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{081E05F7-9E80-48B8-9601-2A45DD7440A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0877954B-AB37-4469-9638-E98A8A79BF15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A7AF1D2-EBE5-4BCB-98E5-F4C5BEF9DFF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C34975E-1C00-4D9E-B7FD-A7213067E3DA}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{0D3785A2-4B1B-479B-BAF1-62D6C0265A23}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{19CFEF43-CA16-4572-B87B-7A61968FD722}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C440BDA-AC23-4086-9771-76B2DD14E1A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DDC602B-A678-4A02-8EEB-27F2163CDE77}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2450ECE2-D7BF-461C-AD16-7B2ADC7A7ECC}" = dir=in | app=c:\users\marc\appdata\roaming\caizwu\omquuv.exe |
"{27B40E8C-941D-444B-9BF0-FAFD0ABF64BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FCF5E70-A2D8-4D91-B980-66C0E61DC73F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3022927B-B3C1-4770-851D-32DD448C3D86}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{349D5E97-86F2-4579-B893-D40B1A292F31}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{34B71966-2466-4DF6-8D57-F6C2260B0E73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D01B98D-6F7F-465D-AED3-00797A71CB01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4135BAD7-3982-4AE5-8655-B9B8FD07B9BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B8E0D77-1431-4C74-B3B4-C5AFEF789AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{533E0691-6A67-44E2-B67A-AD43E0F654BB}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{58FBC19C-42B3-493C-95E8-92DAACD4CB3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{594B5D62-2060-4C79-8F4B-7E6C49ED78C3}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{59F4633A-6EF7-4CE0-9960-AD7BB1211512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A537822-0542-4D2A-BF35-96BDF9DEFB43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B4A945D-B983-434C-B1A8-12D474691266}" = dir=in | app=c:\users\marc\appdata\roaming\ukt\kaocyp.exe |
"{61689875-4EB9-4CD3-BD64-E942E7646EA8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66CE61D9-CBA1-46D7-B423-4F820A53598A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7385F193-68E2-4794-83CC-BE6DB5101F81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73FBC5A1-657F-4522-A995-979F413B8A3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BF56B93-DA53-48A9-A5AE-51BE5A6E367B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D0CFE66-89E2-4CDF-B5A6-A6BB7D511E3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D84475D-F2B9-4F20-8285-DCC4BC0EB970}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7EB7552C-7B7E-4647-9C41-F2CB89AD48BE}" = dir=in | app=c:\users\marc\appdata\local\temp\hp\oj4500vg510n-z_full_13\setup\hpznui01.exe |
"{89C1F0CD-0C78-44B1-8B63-0B13FDC6C3B8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8B2BF136-A5CB-4CC9-8750-3D24C627B7C9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe |
"{8FB2FE86-C42D-4C63-AEA8-488F13F4BFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97640F88-2FB1-4899-88D6-229139A2C094}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{9B67495A-49B4-44D3-B33E-568AC6A14900}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A123AF15-F53E-40C4-B571-5194473B6B5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A19C9B7C-5389-42D0-8AD3-D61B1E02B657}" = protocol=6 | dir=out | app=system |
"{A2083CC7-9881-4E22-A700-37B696915F2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A54F46DB-DD42-4FBA-B376-9FE4965DDDFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFCECB70-B939-4470-B5EA-F64B6F770D2E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B131EEE0-7B04-4316-843C-8922C2665DAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B21FC084-7DCC-4ACF-9671-5EFFB951C0E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9EEEF83-3B7E-4666-8DB4-2C78773F9386}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDDC63CC-FDB9-4067-97BF-620080020D1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C011A033-F2CD-4A49-B8DC-22FADBFF2BB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C41464D4-A3FE-40C2-8E8E-CE6FC2139BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1D792CC-4D24-4D93-82E4-45AAC1B2BC44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D407789A-1A14-4851-AFCF-F17B9ACBFC83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5AC5A0C-D652-495C-8D8D-7677016E87B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6F5C5EE-5E57-47C6-A5D9-7D2A08135D55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7C90040-9627-4838-AB44-152444302AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9A2FF27-6CCA-4429-A5CA-11325735B7D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2FD37C4-BE3A-408F-9D25-D334C7D68419}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{E3E4AAE2-838A-41CE-8EBE-66CD35F7AA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7CAF1DB-411C-41C2-A54C-1230B478F41C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF867302-F88F-4640-8FBA-06A7CEC36594}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F29B71ED-460F-4AB8-9485-A5EA81F2D568}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2B21985-158B-4A0F-9986-0E27812F8A82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F84EEAD8-F85F-496D-91F0-09D6171752EB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{19AAD408-A4FC-435F-96BF-081D02D24D8B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{4262856C-8EBA-4375-A845-6852341C305D}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"TCP Query User{AFE500CB-840B-4C5F-8F0B-58F5ECAB29BC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{BF14DF89-4AEC-42B4-8424-CC3EE4381AEB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D6F1AE32-0570-477C-B9ED-DA67FAF6D816}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{DE8232E4-A934-47A6-970E-9369150ACB27}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F15EA9AD-C100-4399-B8B9-63D1CA00AA5F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{074A5CAA-717D-4298-B243-5C6A389F7DAC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2010D67B-1438-4413-A404-0A50994ECBC9}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{80ED73C8-3CBC-4737-B3CE-F879E0E281E4}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{917EF290-2C5B-43F1-81BE-CA3038C730B9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{97FDA563-FFAD-4587-98CF-AA055140ED64}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EBF5095B-1C54-4EFD-9970-F0248D1AD53A}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"UDP Query User{FA164B0E-4FDD-41A3-AEE3-23A1B90E4715}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 vibration driver version 0.100
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Moozy
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"CL-Eye Driver" = CL-Eye Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iPod to Computer Transfer" = iPod to Computer Transfer 4.8.3
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Norton PC Checkup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PSP Games Classics_is1" = PSP Games Classics
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Shop for HP Supplies" = Shop for HP Supplies
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.06.2012 08:54:28 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description =
Error - 25.06.2012 09:02:28 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm java.exe, Version 6.0.200.2 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16cc Startzeit:
01cd52d293e6722d Endzeit: 113 Anwendungspfad: C:\Program Files\Java\jre6\bin\java.exe
Berichts-ID:
01aed14c-bec6-11e1-92ac-001195290246
Error - 25.06.2012 09:03:23 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ntvdm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc158 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ffff ID des fehlerhaften
Prozesses: 0x10f8 Startzeit der fehlerhaften Anwendung: 0x01cd52d2e5164210 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\ntvdm.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 245ce38a-bec6-11e1-92ac-001195290246
Error - 08.07.2012 07:15:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaca Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001609c ID des fehlerhaften
Prozesses: 0x16f8 Startzeit der fehlerhaften Anwendung: 0x01cd5cfacff71956 Pfad der
fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 32af0e7a-c8ee-11e1-9681-001195290246
Error - 08.07.2012 07:15:57 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaca Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001609c ID des fehlerhaften
Prozesses: 0x1298 Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0adc043c Pfad der
fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 4a059259-c8ee-11e1-9681-001195290246
Error - 08.07.2012 07:16:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaca Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001609c ID des fehlerhaften
Prozesses: 0x17f0 Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0e860979 Pfad der
fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 56494962-c8ee-11e1-9681-001195290246
[ System Events ]
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description =
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description =
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
eine dds.txt und attach.txt wurde nicht erstellt, zumindest hab ich sie nicht gefunden |
|
10.07.2012, 21:35
| #2 |
| /// Malware-holic   | Windows Update Trojaner hi
__________________nimm shadow explorer, setze zurück, sichere die dateien und mache das system neu. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ |
|
Linear-Darstellung
