Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Ebenfalls 50€ Virus

Ebenfalls 50€ Virus


Plagegeister aller Art und deren Bekämpfung: Ebenfalls 50€ Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 09.04.2012, 11:51   #1
relmmek
 
Ebenfalls 50€ Virus - Standard

Ebenfalls 50€ Virus


Guten Tag zusammen!
Auch mich hat dieser Trojaner erwischt der hier schon bekannt zu sein scheint.
Kann mir jemand weiterhelfen?
Vielen Dank!


Hier die OTL.Txt
OTL logfile created on: 09.04.2012 12:36:19 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kemmi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 78,90% Memory free
3,98 Gb Paging File | 3,71 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 33,80 Gb Free Space | 45,54% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 68,97 Gb Free Space | 94,01% Space Free | Partition Type: NTFS

Computer Name: KEMMI-PC | User Name: Kemmi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kemmi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TempoMonitoringService) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Programme\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSK80Service) -- C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\SearchScopes,DefaultScope = {BF10CB67-50BF-4CB6-8D9A-57F21D5FDE34}
IE - HKLM\..\SearchScopes\{55E9D7D6-7D7B-4A41-B440-D68485431725}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=157981b0-ff3f-11e0-a1dc-001e3393ace6&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{BF10CB67-50BF-4CB6-8D9A-57F21D5FDE34}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://aol.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {55E9D7D6-7D7B-4A41-B440-D68485431725}
IE - HKCU\..\SearchScopes\{55E9D7D6-7D7B-4A41-B440-D68485431725}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=1Prl4vGE-vxvoZRjtcjaFyS5R7U?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BF10CB67-50BF-4CB6-8D9A-57F21D5FDE34}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kemmi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Kemmi\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.23 19:08:17 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kemmi\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kemmi\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kemmi\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Kemmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Kemmi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Kemmi\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kemmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: vshare plugin = C:\Users\Kemmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SchlagerhoellenplayerTimer] C:\Programme\Schlagerhoellen-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [SkypePM] C:\Users\Kemmi\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{352FD856-854D-4106-A42F-A5F5E3A80B50}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A6F9E93-03EA-4FC4-8D6B-5AC10ECEF4F8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kemmi\Pictures\Diverses 2011\P7210194.JPG
O24 - Desktop BackupWallPaper: C:\Users\Kemmi\Pictures\Diverses 2011\P7210194.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.09 12:34:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kemmi\Desktop\OTL.exe
[2012.04.08 09:36:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.08 09:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.04.07 15:29:12 | 000,099,880 | ---- | C] (Microsoft Corporation) -- C:\Users\Kemmi\ms.exe
[2012.03.22 21:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012.03.17 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Kemmi\AppData\Roaming\elsterformular
[2012.03.17 18:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.03.17 18:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.03.17 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.03.17 18:18:29 | 060,062,784 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Kemmi\Documents\ElsterFormular-13.1.1.8479p.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.09 12:34:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kemmi\Desktop\OTL.exe
[2012.04.09 12:32:02 | 000,024,061 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.04.09 12:31:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.08 09:41:25 | 087,227,952 | ---- | M] () -- C:\Users\Kemmi\Documents\avira_free_antivirus_de.exe
[2012.04.08 09:39:00 | 000,001,356 | ---- | M] () -- C:\Users\Kemmi\AppData\Local\d3d9caps.dat
[2012.04.08 09:25:36 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.08 09:25:36 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.08 09:25:36 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.08 09:25:36 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.07 19:49:53 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.07 19:48:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 19:48:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 17:56:21 | 186,705,615 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.07 15:29:12 | 000,099,880 | ---- | M] (Microsoft Corporation) -- C:\Users\Kemmi\ms.exe
[2012.04.06 22:37:08 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.22 21:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012.03.18 18:39:42 | 000,117,557 | ---- | M] () -- C:\Users\Kemmi\ESt2011_Kemmler_Frank_und_Kemmler_Anja.elfo
[2012.03.17 18:22:24 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.03.17 18:18:57 | 060,062,784 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\Kemmi\Documents\ElsterFormular-13.1.1.8479p.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========

[2012.04.08 09:41:23 | 087,227,952 | ---- | C] () -- C:\Users\Kemmi\Documents\avira_free_antivirus_de.exe
[2012.03.18 18:36:03 | 000,117,557 | ---- | C] () -- C:\Users\Kemmi\ESt2011_Kemmler_Frank_und_Kemmler_Anja.elfo
[2012.03.17 18:22:24 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.10.13 03:23:38 | 000,001,356 | ---- | C] () -- C:\Users\Kemmi\AppData\Local\d3d9caps.dat
[2011.10.13 03:05:10 | 000,020,992 | ---- | C] () -- C:\Users\Kemmi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.29 17:19:16 | 000,089,430 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.08.29 17:19:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.08.29 17:19:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.08.29 17:19:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.08.29 17:19:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.08.29 17:19:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.08.29 17:19:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.08.29 17:19:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.08.29 17:19:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.08.29 17:19:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.08.29 17:19:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.08.29 17:19:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.08.29 17:19:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.08.29 17:19:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.08.29 17:19:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.08.29 17:19:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.08.29 17:19:16 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.08.29 17:12:49 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX4200EFGIPSD.ini
[2011.08.12 21:11:04 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.08.12 21:11:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.08.11 22:44:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011.08.11 22:44:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011.08.11 22:44:27 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011.08.11 22:44:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

< End of report >



Und hier die Extras.Txt


OTL Extras logfile created on: 09.04.2012 12:36:19 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kemmi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 78,90% Memory free
3,98 Gb Paging File | 3,71 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 33,80 Gb Free Space | 45,54% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 68,97 Gb Free Space | 94,01% Space Free | Partition Type: NTFS

Computer Name: KEMMI-PC | User Name: Kemmi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084D0C81-1A7C-44B5-921C-A2FECF4A47D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{18357347-7A8B-49AA-BC6E-62557788EB30}" = lport=445 | protocol=6 | dir=in | app=system |
"{530D6B92-A6E2-414E-90FB-826DAAE4BD23}" = lport=139 | protocol=6 | dir=in | app=system |
"{55265166-EB9C-4A5D-91BF-420F5552DCA8}" = lport=138 | protocol=17 | dir=in | app=system |
"{6552D307-A93C-4415-8A95-788ED3934C9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{861BBAA2-6AD8-433D-BEFA-81C92A74ACA0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8E0661A3-35C2-4D65-BC65-6E3AC541E585}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{957C6BA6-ED76-42F3-96AE-AA253FACEB03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9606BE40-5546-4B34-A323-FF7B0AB3BE16}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4B73BB1-193D-463B-AC25-A2BE5DD83DA5}" = rport=445 | protocol=6 | dir=out | app=system |
"{B99A5639-4C86-49DC-A19F-C0C7D353E125}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9BF5711-C257-40CE-8C9F-162C1915E912}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C2027EA7-1E33-4293-8152-5365ADE341E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C49DD528-9E75-4A7E-BCE0-37595850BC14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D938220A-D510-48F4-AE35-4A13E6C910AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E60C9A00-8726-41F7-AFCE-B40CE916513E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E9A25A31-F88D-4E33-B908-3792905A3439}" = rport=138 | protocol=17 | dir=out | app=system |
"{F05ACAA1-7259-4F4C-89EC-D8F3428C10E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6E055E3-BC7E-4E14-ABCB-FA8239086C49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0311E41B-8DA2-4162-B84A-6D02586FD723}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{130DA5ED-385A-4999-8A6D-09EEF6C7192F}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{2CA41C61-6D50-4F84-A16A-6838353ACA8E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2DFDA125-68D6-4DDC-8F61-AA11740FB634}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{35E04110-52F1-4E58-B523-E28FCF136570}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{370A4571-FCAD-497C-9265-BB3D87C6397D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3B6BBB72-59A0-4CC7-B4AF-832197DC51F6}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{4A8683A6-5471-4499-992B-F5560058F01D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4B37DFB9-F7CE-433C-BD8E-326480622534}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C461AA3-1268-4D28-8F7D-E6782CA0F399}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{67D4FC90-FD3C-4E8D-A41E-B5DF7A1F1969}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{688A9C81-2ACC-4703-836D-E3A6D148C261}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{76012198-570E-4C07-A75B-80FCFC07BC8E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{79FBA2D3-7AA6-489B-BE6E-06AB295D8473}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{835F29E3-8DE6-4092-AEAE-5A6320D49CC4}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{86AE0C05-89DB-41CF-869D-1E21D358D93F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{911B7920-CD52-4012-BE09-6A9161F05748}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9B4F6D55-284B-49C9-BA1C-71DE31426817}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C0792D56-E6AB-4C4A-A7C0-84F15DC216AA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E5B87FD3-A858-41FE-AA05-65B43A1C3627}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E62748FD-E74B-4F6F-90A8-F35F11B0786B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E9F58EBF-DA59-4361-A882-10B74C7C6F30}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{27295B9D-7B18-4166-8007-6459743FB53A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8EE43BF7-E793-46E3-ABB1-62C17348FD84}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{CF7803A1-5377-4BC1-B59A-3BB8349E5EF5}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{06812B99-023F-46F4-87BA-5FE08F42348C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{30745D9A-A67F-4E32-AA99-3776C9C27536}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{6C96096A-2A53-41A0-9E5C-F6D2FB4DAD75}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alt WAV MP3 WMA OGG Converter 7.3_is1" = Alt WAV MP3 WMA OGG Converter 7.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX4800_4200 Benutzerhandbuch" = ESDX4800_4200 Benutzerhandbuch
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"iMesh" = iMesh
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.6
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Schlagerhöllen-Player_is1" = Schlagerhöllen-Player Version 3.02.0
"SearchCore for Browsers" = SearchCore for Browsers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"YoungStars Fussball Manager_is1" = YoungStars Fussball Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.02.2012 01:09:16 | Computer Name = Kemmi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel
0x4db02c95, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b0dbc, Prozess-ID 0x2464, Anwendungsstartzeit
01ccf50d9b6e9f80.

Error - 28.02.2012 15:59:04 | Computer Name = Kemmi-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.02.2012 01:12:09 | Computer Name = Kemmi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel
0x4db02c95, fehlerhaftes Modul IEBHO.dll, Version 3.0.0.50653, Zeitstempel 0x4e940f13,
Ausnahmecode 0xc0000417, Fehleroffset 0x000919f2, Prozess-ID 0x1f24, Anwendungsstartzeit
01ccf69ed236acf0.

Error - 29.02.2012 17:30:33 | Computer Name = Kemmi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel
0x4db02c95, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b0dbc, Prozess-ID 0x2940, Anwendungsstartzeit
01ccf726589dc3f0.

Error - 05.03.2012 02:47:54 | Computer Name = Kemmi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel
0x4db02c95, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b0dbc, Prozess-ID 0x3d8c, Anwendungsstartzeit
01ccfa9b9b3bbc80.

Error - 05.03.2012 03:10:26 | Computer Name = Kemmi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel
0x4db02c95, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b0dbc, Prozess-ID 0x3e8, Anwendungsstartzeit
01ccfa9e51e245b0.

Error - 05.03.2012 16:51:10 | Computer Name = Kemmi-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.03.2012 15:22:31 | Computer Name = Kemmi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel
0x4db02c95, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b0dbc, Prozess-ID 0x373c, Anwendungsstartzeit
01cd0084d8a21b70.

Error - 12.03.2012 22:21:29 | Computer Name = Kemmi-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2012 12:19:58 | Computer Name = Kemmi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel
0x4db02c95, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b0dbc, Prozess-ID 0x31e0, Anwendungsstartzeit
01cd04587a113690.

[ System Events ]
Error - 26.11.2011 17:41:41 | Computer Name = Kemmi-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 27.11.2011 11:16:29 | Computer Name = Kemmi-PC | Source = HTTP | ID = 15016
Description =

Error - 27.11.2011 13:00:45 | Computer Name = Kemmi-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 03.12.2011 07:16:22 | Computer Name = Kemmi-PC | Source = DCOM | ID = 10005
Description =

Error - 03.12.2011 07:16:28 | Computer Name = Kemmi-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 03.12.2011 07:16:28 | Computer Name = Kemmi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03.12.2011 09:10:55 | Computer Name = Kemmi-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 03.12.2011 13:24:20 | Computer Name = Kemmi-PC | Source = HTTP | ID = 15016
Description =

Error - 04.12.2011 06:11:45 | Computer Name = Kemmi-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 04.12.2011 06:18:36 | Computer Name = Kemmi-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

 

Themen zu Ebenfalls 50€ Virus
50€-virus, 7-zip, antivirus, avira, avira searchfree toolbar, bho, converter, downloader, ebay, error, firefox, flash player, google earth, home, iexplore.exe, install.exe, intranet, logfile, microsoft office word, mp3, ntdll.dll, phishing, plug-in, realtek, registry, scan, searchcore, searchscopes, security, senden, software, svchost.exe, trojaner, usb 2.0, version=1.0, virus, vista, wma


« Gema-Trojaner OTLPE bleibt beim Scan bei "Getting Folder structure" stehen | 50€ -Virus auf Vista »


Ähnliche Themen: Ebenfalls 50€ Virus


  1. Ebenfalls GVU Virus im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (34)
  2. Ebenfalls GVU Trojaner
    Log-Analyse und Auswertung - 19.12.2012 (9)
  3. AKM Virus...mich hats ebenfalls erwischt...
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (16)
  4. ebenfalls BRD Trojaner
    Log-Analyse und Auswertung - 31.07.2012 (6)
  5. Ebenfalls GVU-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.07.2012 (3)
  6. Ebenfalls den 50€ Virus eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (12)
  7. Ebenfalls Problem mit "50 Euro Virus"
    Log-Analyse und Auswertung - 14.02.2012 (11)
  8. Ebenfalls 50 Euro Virus
    Log-Analyse und Auswertung - 31.01.2012 (7)
  9. Ebenfalls der 50€ Virus
    Plagegeister aller Art und deren Bekämpfung - 27.12.2011 (11)
  10. Ebenfalls der 50€ Virus
    Alles rund um Windows - 27.12.2011 (5)
  11. Ebenfalls BKA-Virus
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (21)
  12. ebenfalls die 50€ Geschichte
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (5)
  13. Ebenfalls BKA Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.09.2011 (39)
  14. Ebenfalls Icq
    Plagegeister aller Art und deren Bekämpfung - 10.11.2010 (4)
  15. ebenfalls VIRUS ALERT
    Plagegeister aller Art und deren Bekämpfung - 12.07.2008 (30)
  16. Ebenfalls Msn-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.06.2008 (12)
  17. Ebenfalls about:blank
    Log-Analyse und Auswertung - 22.08.2004 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Ebenfalls 50€ Virus - Guten Tag zusammen! Auch mich hat dieser Trojaner erwischt der hier schon bekannt zu sein scheint. Kann mir jemand weiterhelfen? Vielen Dank! Hier die OTL.Txt OTL logfile created on: 09.04.2012 - Ebenfalls 50€ Virus...
Archiv
Du betrachtest: Ebenfalls 50€ Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131