| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner die XteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.07.2012, 23:48
| #1 | |
| |  GVU-Trojaner die Xte Hallo Leute, auch ich komme nun in den Genuss mich mit dem GVU-Trojaner herumschlagen zu dürfen. Da ich noch keine andere Anleitung für diese Trojaner-Version gefunden habe, hoffe ich hier Hilfe zu erlangen. Die Version ähnelt der 2.04, beinhaltet jedoch, wie auch in vielen anderen Threads beschrieben, ein Webcamfenster oben rechts. Ohne Netzwerkanschluss lässt sich der PC bedienen. Malwarebytes konnte nichts finden, jedoch befinden sich noch vier Einträge aus vorherigen Scans in Quaratäne. Hier die Logfiles. Bitte gebt mir bescheid, falls ihr weitere Daten benötigt. Malewarebytes Zitat:
OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.07.2012 23:17:21 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Philip\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 76,95% Memory free 6,87 Gb Paging File | 6,31 Gb Available in Paging File | 91,87% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 238,85 Gb Total Space | 195,91 Gb Free Space | 82,02% Space Free | Partition Type: NTFS Drive D: | 211,81 Gb Total Space | 40,81 Gb Free Space | 19,27% Space Free | Partition Type: NTFS Computer Name: APOLLON | User Name: Philip | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.02 23:14:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTL.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.06.27 18:43:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.09 17:44:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 17:44:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.05 17:36:39 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.04.01 07:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.09.02 09:55:32 | 000,172,032 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.15 11:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Stopped] -- C:\Windows\System32\yk62x86.dll -- (yksvc) SRV - [2009.03.28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.03.05 11:54:50 | 000,311,296 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.11.05 15:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philip\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2012.05.09 17:44:25 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 17:44:25 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.16 00:24:36 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV - [2012.02.16 00:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.04.01 07:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC) DRV - [2011.04.01 07:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011.01.06 10:36:42 | 000,559,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp) Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.09.02 10:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.08.10 20:43:34 | 000,237,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326) DRV - [2009.07.22 00:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.15 11:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2007.07.09 15:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP) DRV - [2007.06.26 14:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS) DRV - [2007.03.30 14:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER) DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: wildpocketsloader@simopsstudios.com:1.0.9.15079 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.26 22:08:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.05 17:36:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.03 21:21:34 | 000,000,000 | ---D | M] [2010.01.21 13:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Extensions [2012.06.08 14:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\t4o5fszz.default\extensions [2010.08.18 15:51:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\t4o5fszz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.20 07:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.12.26 22:08:40 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.06.08 14:40:29 | 000,039,414 | ---- | M] () (No name found) -- C:\USERS\PHILIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4O5FSZZ.DEFAULT\EXTENSIONS\VK@SERGEYKOLOSOV.MP.XPI [2012.05.05 17:36:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.18 16:36:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.05 07:36:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.05 07:36:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.05 07:36:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.05 07:36:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.05 07:36:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.05 07:36:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.08.23 14:40:00 | 000,436,604 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15023 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [zherherhaer] C:\Users\Philip\AppData\Roaming\xdhjtrjrt\zerhehr5ze.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Philip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3821563E-5D46-49F5-9AAD-F26E08374961}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3A6A6E7-68F4-45E3-A662-4ACA9DE99FAE}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD7C2552-044F-4069-B805-8357B47DC300}: DhcpNameServer = 193.254.160.1 10.74.83.22 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{462d2236-38f8-11df-977f-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{462d2236-38f8-11df-977f-00245416fd69}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{527a4ab5-6287-11e0-97c8-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{527a4ab5-6287-11e0-97c8-00245416fd69}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O33 - MountPoints2\{54e92f90-376c-11df-a425-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{54e92f90-376c-11df-a425-00245416fd69}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O33 - MountPoints2\{6476d7f3-76d2-11df-bee8-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{6476d7f3-76d2-11df-bee8-00245416fd69}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6b264d91-77ad-11df-be96-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{6b264d91-77ad-11df-be96-00245416fd69}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7e6bc9f2-75af-11df-ba42-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{7e6bc9f2-75af-11df-ba42-00245416fd69}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7e6bca22-75af-11df-ba42-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{7e6bca22-75af-11df-ba42-00245416fd69}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e76a488e-618f-11df-bed4-00245416fd69}\Shell - "" = AutoRun O33 - MountPoints2\{e76a488e-618f-11df-bed4-00245416fd69}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.02 23:14:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTL.exe [2012.06.27 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Macromedia [2 C:\Users\Philip\*.tmp files -> C:\Users\Philip\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.02 23:14:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTL.exe [2012.07.02 23:13:39 | 000,000,000 | ---- | M] () -- C:\Users\Philip\defogger_reenable [2012.07.02 23:12:03 | 000,050,477 | ---- | M] () -- C:\Users\Philip\Desktop\Defogger.exe [2012.07.02 22:07:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.07.02 22:07:51 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012.07.02 21:48:18 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 21:33:25 | 000,001,879 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.02 21:00:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.07.02 14:59:58 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 14:59:58 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 21:20:40 | 000,330,109 | ---- | M] () -- C:\Users\Philip\Desktop\SS12_Erstprüfungen_Klausurenplan_-_Version_4_-_14.06.2012.pdf [2012.06.15 18:02:36 | 000,442,360 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2 C:\Users\Philip\*.tmp files -> C:\Users\Philip\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.02 23:13:39 | 000,000,000 | ---- | C] () -- C:\Users\Philip\defogger_reenable [2012.07.02 23:12:01 | 000,050,477 | ---- | C] () -- C:\Users\Philip\Desktop\Defogger.exe [2012.07.02 21:33:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 21:33:25 | 000,001,879 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.14 21:46:16 | 000,330,109 | ---- | C] () -- C:\Users\Philip\Desktop\SS12_Erstprüfungen_Klausurenplan_-_Version_4_-_14.06.2012.pdf [2012.04.25 10:06:04 | 000,201,700 | ---- | C] () -- C:\Program Files\UninstallB038.DAT [2012.04.25 10:06:04 | 000,060,054 | ---- | C] () -- C:\Program Files\uchigh.bmp [2012.04.25 10:06:04 | 000,015,386 | ---- | C] () -- C:\Program Files\UILANG1.UDB [2012.04.25 10:06:04 | 000,013,826 | ---- | C] () -- C:\Program Files\UILANG2.UDB [2012.04.25 10:06:04 | 000,010,518 | ---- | C] () -- C:\Program Files\uc16.bmp [2012.04.25 10:02:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\GkSui20.EXE [2012.04.03 02:06:01 | 000,007,598 | ---- | C] () -- C:\Users\Philip\AppData\Local\Resmon.ResmonCfg [2011.12.13 19:43:11 | 000,006,144 | ---- | C] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.15 15:46:23 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\windows\System32\LogiDPP.dll [2011.04.01 07:07:02 | 000,102,744 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe [2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll [2011.04.01 06:56:00 | 000,027,872 | ---- | C] () -- C:\windows\System32\lvcoinst.ini [2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll [2010.07.10 20:26:26 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll [2010.07.10 20:26:26 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll [2010.07.10 20:26:26 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll [2010.07.10 20:14:39 | 000,035,742 | ---- | C] () -- C:\windows\DIIUnin.dat [2010.07.08 12:47:28 | 000,081,773 | ---- | C] () -- C:\windows\War3Unin.dat [2010.01.21 19:27:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.21 19:16:20 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2010.01.28 19:07:40 | 000,000,000 | -HSD | M] -- C:\Users\Philip\AppData\Roaming\.# [2011.09.24 12:33:30 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\AnvSoft [2010.02.11 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Canneverbe Limited [2012.05.22 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\DVDVideoSoft [2011.03.26 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.28 10:08:28 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Go Go Gourmet [2011.02.04 01:40:36 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Leadertech [2010.04.13 19:12:29 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\OpenOffice.org [2010.01.28 09:39:02 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\PlayFirst [2010.02.03 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\TuneUp Software [2012.01.08 01:11:25 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\xdhjtrjrt [2010.12.21 11:23:57 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\YoWindow [2012.02.29 22:19:52 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:5C5A503E @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FB1B13D8 < End of report > OTL Extras OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.07.2012 23:17:21 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Philip\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 76,95% Memory free
6,87 Gb Paging File | 6,31 Gb Available in Paging File | 91,87% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 238,85 Gb Total Space | 195,91 Gb Free Space | 82,02% Space Free | Partition Type: NTFS
Drive D: | 211,81 Gb Total Space | 40,81 Gb Free Space | 19,27% Space Free | Partition Type: NTFS
Computer Name: APOLLON | User Name: Philip | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0818D72A-C65B-47DA-8876-DB7FAA188EAA}" = lport=138 | protocol=17 | dir=in | app=system |
"{10500384-AD3E-4591-8BA0-8A8C96651E76}" = rport=10243 | protocol=6 | dir=out | app=system |
"{106FE28F-1C6E-4DA9-9311-030CF34CB24E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{137CDE39-7143-464E-9121-2EEABC48958D}" = rport=139 | protocol=6 | dir=out | app=system |
"{242B634D-7396-44F4-9FA5-2A4473513C68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24BF7D5F-7437-4106-97DC-F4BB80AD211D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25E89DCB-37F9-4D9B-8139-0975F3F3D8AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41130C08-DB13-46D5-9F23-9CE6F1410F0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DB54F1F-0358-4455-9356-9EC0C35D8C8D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6B890FED-1083-4DBF-A06C-E0B8A1F8334F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78A1A4E5-A418-4D02-A4E3-CA2AE53E872C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A818F8D-CE25-4951-9AB2-2E8CC03FB669}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7E3A7194-312C-4C35-87BA-8E371A05E20A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88B3A3DB-406D-46B3-956C-B95CB8357983}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89EA4C86-5A25-4FE6-801D-46125E04CC1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8ACA4A41-FCB8-4819-85ED-693D65F4CCF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D7DB15D-6622-4969-B4D0-23DCE737FD18}" = lport=445 | protocol=6 | dir=in | app=system |
"{93D09777-8BC8-4D84-BF8D-26B43CA586CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4E52FC9-6C60-4091-ADA6-5DE14E064101}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BDCCAB32-8625-4011-A211-19501C71B682}" = rport=137 | protocol=17 | dir=out | app=system |
"{E14900AC-97AF-49A8-8C67-1521ED3711C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E264491A-A67E-45F4-9492-1384009827F3}" = rport=138 | protocol=17 | dir=out | app=system |
"{E537261A-C32E-49AD-BEC5-1E99C58C919B}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF3BCBD8-04AA-4AB6-AFCA-E1691CA3C07F}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12A2966E-14A4-4D74-9446-0863ACB8D760}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1F0E8EDA-4150-468D-8329-85678230D0B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3081DBAD-3904-475A-9257-997F67288CC3}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{32882AD3-6BE7-45B8-9218-EA6373C8E690}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{332EC52B-7A24-436F-8951-9D9142D24E21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AC46285-90E6-4C4A-9269-71D7E876D810}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{3CA53AF5-3A4D-44F7-9D76-4858541A96F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40BC0E67-302C-4571-BDFE-61686B56ADE4}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{411983F4-100E-45E9-A61C-0302FD8DC1D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{49638039-B9E1-4C45-840D-EA19707BB440}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4971F79F-186E-4145-B5C6-032C78BC87B3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4F4F6296-E613-4998-8447-255A2C147AB2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{51E97457-DED8-4701-A8F2-2052B27AD64E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{529E2B58-535A-4E8E-BDD3-6733B8A586E3}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{6148496C-E7E3-48C0-BFC4-02961B553B67}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{671F3C3B-9449-4A44-BE3C-1B9D60BD545E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6773BC56-F9F0-4B6E-85DA-667873398CB5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{7DE51E1F-AAD8-4220-BFE1-1178D3566289}" = protocol=58 | dir=in | app=system |
"{882A944B-D73A-4B07-A98F-93B727772CC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A2F2B50-3E2F-47E3-AE52-20249AE9F7BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{910253C7-71B8-45A2-BD83-E0F287542C52}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{945275F6-1241-4CAF-AF2A-62183795CB6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A3410622-7059-4FE0-B233-FDE5187519A3}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{A83E09FE-DCDC-494D-A5AB-646FA55BF26C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A97AC2D7-BCA9-4589-893C-E37062E54229}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B31D6F6B-B722-4592-9E38-5C48419748E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C531B086-564E-41D3-832D-CBD596B8BD21}" = protocol=6 | dir=out | app=system |
"{CACBC61F-A5D3-4043-9AF6-A6C7CDB77904}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0C1093E-0CD3-40EF-8C35-0F0E644C08F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D3C15D66-822B-444B-884C-22EAFB62F9D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D8EDE20B-5AE4-4E03-A107-6DE1BB02EF86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC2EA7C6-65AD-4BEA-83C3-8EBBA5573B4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E717A4D8-B0EC-44CE-98A5-8FF3E5CA20F3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{F9C18733-CC9F-49F5-8F8C-D0A501DAE4F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC64B0F3-3F18-4E2D-9009-471B5FCF55A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{FCA9F00B-B646-42C9-8A6F-3E1084A584DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{16A75335-2BD7-45B5-80A4-54DFCC50356F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{356DC1CF-D7A3-4E88-A011-37329850177B}C:\program files\diablo iii beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"TCP Query User{357DB4F5-6144-4ED7-B75A-4F63FF3119AF}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{3B806350-4699-4258-A535-001D1655DE93}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{65340625-BB85-47DB-9EDB-6B81593B09DA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{89F72D83-1082-4155-B5B1-251BDD501C77}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{A5276ED1-1379-4923-8A19-69B395C8264A}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{0BAEC257-4C80-4653-8290-F728A98EF578}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"UDP Query User{6C8385CC-BBF4-4109-BE8C-6C94772ABB74}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{75C28B3B-138E-4F99-9DC6-408F7899AAD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{82BFA58A-9DBC-489F-9569-4AC4F6A46712}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{A2AE143C-D800-4C43-BCF3-08867F309182}C:\program files\diablo iii beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"UDP Query User{ED184C24-713E-45D7-A695-643318C5D150}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{FC0B6ECE-F28B-4818-9AE0-48CAEB9BD710}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Diablo II" = Diablo II
"DivX Setup" = DivX-Setup
"Everest Poker" = Everest Poker (Remove Only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Logitech Vid" = Logitech Vid HD
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PRJPRO" = Microsoft Office Project Professional 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOPSIM - Startup! Produktion - Businessplan" = TOPSIM - Startup! Produktion - Businessplan
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"yowindow" = YoWindow
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.02.2012 12:00:54 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.02.2012 12:01:25 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.02.2012 12:03:35 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.02.2012 12:03:36 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.02.2012 12:03:37 | Computer Name = apollon | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 14.02.2012 13:38:49 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.02.2012 13:39:12 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.02.2012 13:40:37 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.02.2012 13:40:37 | Computer Name = apollon | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.02.2012 13:40:38 | Computer Name = apollon | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Media Center Events ]
Error - 31.03.2010 06:29:45 | Computer Name = Philip-PC | Source = MCUpdate | ID = 0
Description = 12:29:45 - Fehler beim Herstellen der Internetverbindung. 12:29:45
- Serververbindung konnte nicht hergestellt werden..
Error - 31.03.2010 06:29:54 | Computer Name = Philip-PC | Source = MCUpdate | ID = 0
Description = 12:29:50 - Fehler beim Herstellen der Internetverbindung. 12:29:50
- Serververbindung konnte nicht hergestellt werden..
Error - 06.04.2010 16:05:46 | Computer Name = Philip-PC | Source = MCUpdate | ID = 0
Description = 22:05:46 - Fehler beim Herstellen der Internetverbindung. 22:05:46
- Serververbindung konnte nicht hergestellt werden..
Error - 06.04.2010 16:05:55 | Computer Name = Philip-PC | Source = MCUpdate | ID = 0
Description = 22:05:51 - Fehler beim Herstellen der Internetverbindung. 22:05:51
- Serververbindung konnte nicht hergestellt werden..
Error - 07.04.2010 08:23:50 | Computer Name = apollon | Source = MCUpdate | ID = 0
Description = 14:23:50 - Fehler beim Herstellen der Internetverbindung. 14:23:50
- Serververbindung konnte nicht hergestellt werden..
Error - 07.04.2010 08:23:58 | Computer Name = apollon | Source = MCUpdate | ID = 0
Description = 14:23:55 - Fehler beim Herstellen der Internetverbindung. 14:23:55
- Serververbindung konnte nicht hergestellt werden..
Error - 09.04.2010 07:10:41 | Computer Name = apollon | Source = MCUpdate | ID = 0
Description = 13:10:41 - Fehler beim Herstellen der Internetverbindung. 13:10:41
- Serververbindung konnte nicht hergestellt werden..
Error - 09.04.2010 07:10:51 | Computer Name = apollon | Source = MCUpdate | ID = 0
Description = 13:10:46 - Fehler beim Herstellen der Internetverbindung. 13:10:46
- Serververbindung konnte nicht hergestellt werden..
Error - 10.04.2010 07:51:01 | Computer Name = apollon | Source = MCUpdate | ID = 0
Description = 13:51:01 - Fehler beim Herstellen der Internetverbindung. 13:51:01
- Serververbindung konnte nicht hergestellt werden..
Error - 10.04.2010 07:51:08 | Computer Name = apollon | Source = MCUpdate | ID = 0
Description = 13:51:06 - Fehler beim Herstellen der Internetverbindung. 13:51:06
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 17.05.2010 12:04:02 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 35 seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.12.2010 12:14:11 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.
Error - 09.01.2011 19:44:00 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 337 seconds with 300 seconds of active time. This session ended with a crash.
Error - 13.01.2011 15:30:39 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.01.2011 04:58:40 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.
Error - 30.01.2011 18:20:22 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.02.2011 05:01:17 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.06.2011 14:26:08 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21.08.2011 05:21:04 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 215
seconds with 180 seconds of active time. This session ended with a crash.
Error - 19.02.2012 16:40:52 | Computer Name = apollon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 104631
seconds with 4500 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02.07.2012 17:08:33 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:13:33 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:13:33 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:13:33 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:15:39 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:15:39 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:15:39 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:20:39 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:20:39 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.07.2012 17:20:39 | Computer Name = apollon | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
--- --- --- Vielen Dank!  |
| Themen zu GVU-Trojaner die Xte |
| administrator, adobe, adobe flash player, alternate, antivir, autorun, avira, battle.net, bho, cdburnerxp, converter, dateisystem, defender, device driver, download, explorer, firefox, flash player, format, google earth, helper, heuristiks/extra, heuristiks/shuriken, home, install.exe, microsoft, microsoft office 2003, microsoft office word, mozilla, mp3, office 2007, opera, plug-in, realtek, registry, richtlinie, searchscopes, software, t-mobile, temp |
Baum-Darstellung