| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mystart.incredibar entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.07.2012, 15:31
| #1 |
 |  Mystart.incredibar entfernen Hallo Leute! Leider hab ich mir, wie anscheinend mehrere, dieses blöde incredibar runtergeladen und weiß nicht wie ichs losbekomme! Ich kenn mich leider auch nicht soooo gut mit Computern aus. Also das übliche schon, aber was drüber hinausgeht, .... ähäm!!! Aber ich geb mein Bestes!! Habe den Malwarebytes runtergeladen und durchgeführt und kopiert: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.07.05 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Frank :: ADMIN-PC [Administrator] Schutz: Aktiviert 07.07.2012 16:07:12 mbam-log-2012-07-07 (16-07-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212098 Laufzeit: 2 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\UBC5AB1IDP (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Frank\AppData\Roaming\7910.org\Ticker (Trojan.DDOS) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 6 C:\Users\Frank\Downloads\SoftonicDownloader_fuer_inkscape.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Frank\Downloads\SoftonicDownloader_fuer_nw-docx-converter(1).exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Frank\Downloads\SoftonicDownloader_fuer_nw-docx-converter.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Frank\AppData\Roaming\7910.org\Ticker\an1cHrs0cr60002MDAwODk1b3wwMDAwNTU0ZGF8QmFsZCBmYWhyZW4gd2lyISEhISBOb2No.gif (Trojan.DDOS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Frank\AppData\Roaming\7910.org\Ticker\an1cHrsVM1P0002MDAwMTUwbHwwMDAwNTU0ZGF8QmFsZCBmYWhyZW4gd2lyISEhISBOb2No.gif (Trojan.DDOS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Habe auch den defogger gemacht, er hat sich neu gestartet, war aber nix da zum kopieren!?? Dann hab ich OTL ausgeführt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.07.2012 16:44:55 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Frank\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 76,69% Memory free 16,05 Gb Paging File | 14,00 Gb Available in Paging File | 87,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 488,81 Gb Free Space | 52,48% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Frank | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.07 16:43:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Downloads\OTL.exe PRC - [2012.06.13 12:25:11 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.08 22:15:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 22:14:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 22:14:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.01.05 21:35:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2009.03.23 13:12:44 | 000,327,680 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\PACTray.exe PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.10.19 05:10:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2012.06.23 19:29:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.20 17:18:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 22:15:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 22:14:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.01.05 21:35:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.26 13:23:34 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 22:15:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 22:15:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2010.12.02 15:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2010.12.02 15:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.12.02 15:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2010.12.02 15:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.12.02 13:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.12.02 13:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.12.02 18:57:48 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus) DRV:64bit: - [2008.11.10 13:17:40 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PAC7302.SYS -- (PAC7302) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.03.20 02:44:34 | 000,467,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2007.12.06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2007.02.08 09:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dsiarhwprog_x64.sys -- (usbio) DRV:64bit: - [2006.10.31 17:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2006.09.19 14:43:54 | 000,018,224 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008.01.18 14:21:38 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2008.01.18 14:21:36 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4&hl={language}&src=chrm IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2582601 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6R8vQpBcfa&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{08F95AC0-1D40-443E-ADA3-9A0EAD1745C8}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D64706726733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{5033262E-1290-45AD-8B2C-CB2FD2E65299}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{5CFDB435-86A1-48E5-ADE8-7F43EB9EAA8F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{6FE52790-D24A-4B46-B535-7A88C2D86152}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{9148E46A-4B18-4B31-8B70-A8114CF989BD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432353832363031&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{B357C1CA-69CF-4B2E-A69A-9BDC10F2F8AC}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vQpBcfa&i=26 IE - HKCU\..\SearchScopes\{D7ABBE17-5AC2-4E34-8B5F-7FAFB01B9751}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com.anonymize-me.de/?anonymto=687474703A2F2F706C61736D6F6F2E636F6D2F726573756C742E68746D3F713D7B7365617263685465726D737D265365617263684D617368696E653D74727565&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.defaultthis.engineName: "pc gear de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2582601&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://Mystart.incredibar.com/mb124" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {2ea04d33-5259-40b9-b79b-cb037d4824e7}:3.3.3.2 FF - prefs.js..extensions.enabledItems: codiprog@fbplus.plugin:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8vQpBcfa&&i=26&search=" FF - prefs.js..network.proxy.http: "190.66.17.53" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Frank\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.13 07:33:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.31 22:55:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 12:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 12:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 12:26:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.16 10:24:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.31 22:55:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 12:26:04 | 000,000,000 | ---D | M] [2010.09.15 12:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions [2010.09.15 12:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.02.11 12:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.07.04 21:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions [2010.04.28 06:15:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.20 19:59:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.14 22:27:01 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\fb_add_on@avm.de [2012.06.13 07:33:53 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ffxtlbr@incredibar.com [2012.06.01 23:34:29 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ffxtlbra@softonic.com [2012.05.18 13:38:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ich@maltegoetz.de [2011.12.26 13:23:36 | 000,002,820 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\askcom.xml [2011.12.26 13:23:36 | 000,001,129 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\conduit.xml [2011.12.26 13:23:36 | 000,001,091 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\icqplugin.xml [2012.06.13 07:33:25 | 000,002,203 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\MyStart Search.xml [2011.12.26 13:23:37 | 000,002,188 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{254DA591-C16D-4FB6-9062-4C050FA0B1BD}.xml [2011.12.26 13:23:37 | 000,001,870 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{6332F0FF-685E-4193-9E72-D96AEE055E73}.xml [2011.12.26 13:23:37 | 000,002,077 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{7D01AA1A-5AB3-4D3E-ACAE-79CACC0E28AC}.xml [2012.03.22 12:00:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.06.23 21:00:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.13 23:06:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.06 22:18:50 | 000,061,219 | ---- | M] () (No name found) -- C:\USERS\FRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GHEJRB4.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.07.04 21:38:52 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\FRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GHEJRB4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.20 17:18:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009.09.08 16:02:46 | 000,188,416 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Program Files (x86)\mozilla firefox\plugins\libcurl.dll [2012.03.08 13:25:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.10.29 16:57:40 | 001,359,872 | ---- | M] (Fraunhofer IIS) -- C:\Program Files (x86)\mozilla firefox\plugins\npmmtaplayer.dll [2012.06.13 12:25:21 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.06.20 17:18:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.20 17:18:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.20 17:18:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.26 13:23:36 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchDpg.xml [2012.06.20 17:18:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 17:18:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 17:18:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [PACTray] C:\Windows\Pixart\Pac7302\PACTray.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyGaming\PartyPoker\RunApp.exe () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EF2AE26-FF8E-4427-A3DD-D1BE409D82E6}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841DA7EE-789D-4B01-B5BF-E1D0CF08E86C}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94D2724-8C73-4AE6-A359-2099ABA3E767}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\bw+0 - No CLSID value found O18:64bit: - Protocol\Handler\bw+0s - No CLSID value found O18:64bit: - Protocol\Handler\bw-0 - No CLSID value found O18:64bit: - Protocol\Handler\bw00 - No CLSID value found O18:64bit: - Protocol\Handler\bw00s - No CLSID value found O18:64bit: - Protocol\Handler\bw-0s - No CLSID value found O18:64bit: - Protocol\Handler\bw10 - No CLSID value found O18:64bit: - Protocol\Handler\bw10s - No CLSID value found O18:64bit: - Protocol\Handler\bw20 - No CLSID value found O18:64bit: - Protocol\Handler\bw20s - No CLSID value found O18:64bit: - Protocol\Handler\bw30 - No CLSID value found O18:64bit: - Protocol\Handler\bw30s - No CLSID value found O18:64bit: - Protocol\Handler\bw40 - No CLSID value found O18:64bit: - Protocol\Handler\bw40s - No CLSID value found O18:64bit: - Protocol\Handler\bw50 - No CLSID value found O18:64bit: - Protocol\Handler\bw50s - No CLSID value found O18:64bit: - Protocol\Handler\bw60 - No CLSID value found O18:64bit: - Protocol\Handler\bw60s - No CLSID value found O18:64bit: - Protocol\Handler\bw70 - No CLSID value found O18:64bit: - Protocol\Handler\bw70s - No CLSID value found O18:64bit: - Protocol\Handler\bw80 - No CLSID value found O18:64bit: - Protocol\Handler\bw80s - No CLSID value found O18:64bit: - Protocol\Handler\bw90 - No CLSID value found O18:64bit: - Protocol\Handler\bw90s - No CLSID value found O18:64bit: - Protocol\Handler\bwa0 - No CLSID value found O18:64bit: - Protocol\Handler\bwa0s - No CLSID value found O18:64bit: - Protocol\Handler\bwb0 - No CLSID value found O18:64bit: - Protocol\Handler\bwb0s - No CLSID value found O18:64bit: - Protocol\Handler\bwc0 - No CLSID value found O18:64bit: - Protocol\Handler\bwc0s - No CLSID value found O18:64bit: - Protocol\Handler\bwd0 - No CLSID value found O18:64bit: - Protocol\Handler\bwd0s - No CLSID value found O18:64bit: - Protocol\Handler\bwe0 - No CLSID value found O18:64bit: - Protocol\Handler\bwe0s - No CLSID value found O18:64bit: - Protocol\Handler\bwf0 - No CLSID value found O18:64bit: - Protocol\Handler\bwf0s - No CLSID value found O18:64bit: - Protocol\Handler\bwfile-8876480 - No CLSID value found O18:64bit: - Protocol\Handler\bwg0 - No CLSID value found O18:64bit: - Protocol\Handler\bwg0s - No CLSID value found O18:64bit: - Protocol\Handler\bwh0 - No CLSID value found O18:64bit: - Protocol\Handler\bwh0s - No CLSID value found O18:64bit: - Protocol\Handler\bwi0 - No CLSID value found O18:64bit: - Protocol\Handler\bwi0s - No CLSID value found O18:64bit: - Protocol\Handler\bwj0 - No CLSID value found O18:64bit: - Protocol\Handler\bwj0s - No CLSID value found O18:64bit: - Protocol\Handler\bwk0 - No CLSID value found O18:64bit: - Protocol\Handler\bwk0s - No CLSID value found O18:64bit: - Protocol\Handler\bwl0 - No CLSID value found O18:64bit: - Protocol\Handler\bwl0s - No CLSID value found O18:64bit: - Protocol\Handler\bwm0 - No CLSID value found O18:64bit: - Protocol\Handler\bwm0s - No CLSID value found O18:64bit: - Protocol\Handler\bwn0 - No CLSID value found O18:64bit: - Protocol\Handler\bwn0s - No CLSID value found O18:64bit: - Protocol\Handler\bwo0 - No CLSID value found O18:64bit: - Protocol\Handler\bwo0s - No CLSID value found O18:64bit: - Protocol\Handler\bwp0 - No CLSID value found O18:64bit: - Protocol\Handler\bwp0s - No CLSID value found O18:64bit: - Protocol\Handler\bwq0 - No CLSID value found O18:64bit: - Protocol\Handler\bwq0s - No CLSID value found O18:64bit: - Protocol\Handler\bwr0 - No CLSID value found O18:64bit: - Protocol\Handler\bwr0s - No CLSID value found O18:64bit: - Protocol\Handler\bws0 - No CLSID value found O18:64bit: - Protocol\Handler\bws0s - No CLSID value found O18:64bit: - Protocol\Handler\bwt0 - No CLSID value found O18:64bit: - Protocol\Handler\bwt0s - No CLSID value found O18:64bit: - Protocol\Handler\bwu0 - No CLSID value found O18:64bit: - Protocol\Handler\bwu0s - No CLSID value found O18:64bit: - Protocol\Handler\bwv0 - No CLSID value found O18:64bit: - Protocol\Handler\bwv0s - No CLSID value found O18:64bit: - Protocol\Handler\bww0 - No CLSID value found O18:64bit: - Protocol\Handler\bww0s - No CLSID value found O18:64bit: - Protocol\Handler\bwx0 - No CLSID value found O18:64bit: - Protocol\Handler\bwx0s - No CLSID value found O18:64bit: - Protocol\Handler\bwy0 - No CLSID value found O18:64bit: - Protocol\Handler\bwy0s - No CLSID value found O18:64bit: - Protocol\Handler\bwz0 - No CLSID value found O18:64bit: - Protocol\Handler\bwz0s - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\offline-8876480 - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\bw+0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw+0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0 {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0s {3fdb282b-b33e-4500-b6c2-484bba806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {3FDB282B-B33E-4500-B6C2-484BBA806116} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Frank\Pictures\2010-09-06 Urlaub Sep.2010, Kroatien Premantura\Urlaub Sep.2010, Kroatien Premantura 012.JPG O24 - Desktop BackupWallPaper: C:\Users\Frank\Pictures\2010-09-06 Urlaub Sep.2010, Kroatien Premantura\Urlaub Sep.2010, Kroatien Premantura 012.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\Shell - "" = AutoRun O33 - MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\Shell\AutoRun\command - "" = J:\LGAutoRun.exe O33 - MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\Shell - "" = AutoRun O33 - MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Start.hta O33 - MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\Shell - "" = AutoRun O33 - MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\Shell\AutoRun\command - "" = I:\Autorun.exe O33 - MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\Shell - "" = AutoRun O33 - MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\Shell\AutoRun\command - "" = J:\NokiaPCIA_Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.07 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes [2012.07.07 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.07 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.07 16:06:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.07 16:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.14 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Macromedia [2012.06.13 12:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.06.13 12:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2012.06.13 07:52:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\NwDocx [2012.06.13 07:50:40 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Docx2Rtf [2012.06.13 07:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.06.09 11:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC-Internetzugang [2012.06.09 11:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations ========== Files - Modified Within 30 Days ========== [2012.07.07 16:39:52 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.07 16:39:52 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.07 16:39:52 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.07 16:39:52 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.07 16:39:52 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.07 16:33:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.07 16:33:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.07 16:33:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.07 16:30:09 | 000,000,020 | ---- | M] () -- C:\Users\Frank\defogger_reenable [2012.07.07 16:29:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.07 16:06:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.06 22:16:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.06 22:16:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.06 22:16:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.05 11:31:16 | 000,001,950 | ---- | M] () -- C:\Users\Frank\Desktop\Windows Photo Gallery.lnk [2012.07.05 11:24:27 | 000,000,218 | ---- | M] () -- C:\Users\Frank\.recently-used.xbel [2012.06.15 21:33:45 | 000,271,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 23:20:55 | 000,182,784 | ---- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.13 12:26:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.06.13 12:25:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.06.13 07:33:54 | 000,000,614 | ---- | M] () -- C:\user.js [2012.06.09 11:03:35 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC-Internetzugang.lnk ========== Files Created - No Company Name ========== [2012.07.07 16:30:09 | 000,000,020 | ---- | C] () -- C:\Users\Frank\defogger_reenable [2012.07.07 16:06:12 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.05 11:31:16 | 000,001,950 | ---- | C] () -- C:\Users\Frank\Desktop\Windows Photo Gallery.lnk [2012.07.05 11:24:27 | 000,000,218 | ---- | C] () -- C:\Users\Frank\.recently-used.xbel [2012.06.13 12:26:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.06.09 11:03:35 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC-Internetzugang.lnk [2011.12.26 13:23:35 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.11.06 01:09:44 | 011,980,353 | ---- | C] () -- C:\Windows\SysWow64\meinfotoalbum_meinfotoalbum_uninstaller.exe [2011.10.28 19:57:38 | 000,001,356 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.01 17:29:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011.09.17 14:55:57 | 001,418,240 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll [2011.09.17 14:55:57 | 001,099,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll [2011.09.17 14:55:57 | 000,568,832 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll [2011.09.17 14:55:57 | 000,488,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll [2011.09.17 14:55:57 | 000,410,112 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll [2011.09.17 14:55:57 | 000,305,664 | ---- | C] ( ) -- C:\Windows\SysWow64\LXBFhcp.dll [2011.09.17 14:55:57 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll [2011.09.17 14:55:57 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll [2011.09.17 14:55:57 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll [2011.09.17 14:55:57 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll [2011.09.17 14:55:57 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll [2011.09.17 14:55:56 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll [2011.09.17 14:55:56 | 000,660,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll [2011.09.17 14:55:56 | 000,566,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe [2011.09.17 14:55:56 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll [2011.09.17 14:55:56 | 000,236,464 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe [2011.09.17 14:55:56 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.25 22:35:11 | 000,000,862 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI [2011.03.28 20:54:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.27 17:11:17 | 000,097,344 | ---- | C] () -- C:\Users\Frank\slowenien.htm [2010.07.29 11:50:19 | 000,000,000 | ---- | C] () -- C:\Users\Frank\jagex__preferences3.dat [2010.07.29 11:45:26 | 000,000,099 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences2.dat [2010.07.29 11:44:24 | 000,000,046 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences.dat [2009.10.21 21:33:45 | 000,001,024 | ---- | C] () -- C:\Users\Frank\.rnd [2009.06.23 16:54:02 | 000,182,784 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.23 12:29:59 | 000,001,164 | ---- | C] () -- C:\Users\Frank\AppData\Local\9A5FF4EA.il [2009.06.23 12:29:59 | 000,000,280 | ---- | C] () -- C:\Users\Frank\AppData\Local\IndexIE_9A5FF4EA.il [2009.06.23 11:32:45 | 000,000,732 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps64.dat ========== LOP Check ========== [2012.07.07 16:13:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\7910.org [2012.06.02 01:16:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Amazon [2011.08.04 13:44:06 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Auslogics [2009.10.21 09:05:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Blitware [2009.12.02 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DAEMON Tools [2011.12.26 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DesktopIconForAmazon [2012.06.13 07:53:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Docx2Rtf [2012.01.01 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2011.02.10 13:41:41 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.21 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Facebook [2010.12.16 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Fraunhofer [2012.01.19 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC [2011.05.11 15:07:22 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.06.01 11:47:59 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\inkscape [2011.12.26 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\IrfanView [2009.12.30 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Leadertech [2012.01.31 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MyPhoneExplorer [2011.05.23 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.05.23 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Ovi Suite [2012.06.13 07:54:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\NwDocx [2011.12.26 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OCS [2011.11.07 23:24:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenCandy [2011.12.26 13:23:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Opera [2011.10.28 16:35:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Origin [2011.05.06 21:27:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2009.10.21 22:02:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Simple Star [2010.04.29 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp [2010.09.15 12:51:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Thunderbird [2010.02.11 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2011.12.09 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Visan [2010.12.16 16:29:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\XMedia Recode [2009.10.21 21:37:38 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\File Helper.job [2012.07.07 16:32:05 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.07.2012 16:44:55 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Frank\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 76,69% Memory free
16,05 Gb Paging File | 14,00 Gb Available in Paging File | 87,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 488,81 Gb Free Space | 52,48% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5B 13 47 FB 45 C7 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013B5350-FB9C-475F-93BD-F8AFD47FEC97}" = lport=445 | protocol=6 | dir=in | app=system |
"{0F596B15-C9E7-4B0E-AD1E-55DADAD8C737}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{106809ED-BB4D-4F2D-A442-73C9C603982C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{153206BB-EB69-4ACE-A031-4F2ABD726C86}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1952039F-B91B-47AC-BB66-3B0EA6B75444}" = rport=10243 | protocol=6 | dir=out | app=system |
"{24164A48-CD12-45B8-87D4-BEE0BDB65BAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D76B166-C755-4491-A799-AB441E930ACF}" = lport=138 | protocol=17 | dir=in | app=system |
"{40D03767-E5D6-48BD-8CC4-AE5F49BB8DD5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A1C92EC-40EE-4647-BC2E-95090A24A33E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4D70E9C2-06CA-455D-B74A-1C6D1F64E3DB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5A4EA7DB-3916-483F-8FF2-89427A8D743E}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5A90CEED-5A54-4C8E-9359-6A72B4E423AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{684912DE-8747-4DEC-ACC1-3D69075C0436}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{68A773E8-E59C-4D05-9178-C9D81E025F51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7AE5BB6F-DD54-4D41-A8B4-445C5AB07B06}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8534B09D-BA6C-4E68-8EF8-121E7D6A82C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{86E99F5A-53FE-4B05-866B-972103A02B2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{88149C5B-7077-421B-8BB5-49BC05DDD31D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{884C79CF-08A3-4164-B522-AA75AE086DEA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EEBF4F1-7CA9-49F7-B126-6D9750133FB6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9266E6D0-1FD0-4495-94B9-FACCEAD2942B}" = rport=137 | protocol=17 | dir=out | app=system |
"{96F0450A-5146-4EBF-B558-98C0E049A2BD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9C48E224-F2EB-4990-8A20-00C704CF3743}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C6E5602-279C-4B87-9308-5FA881B7E225}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B0458E22-DCCF-48A8-A60B-1B380FE8DADE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3B32355-E48E-4AB9-A744-F7BFE2338E76}" = rport=139 | protocol=6 | dir=out | app=system |
"{B3D407C2-0C7F-49D6-8CA2-A21680ECDDD8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BB22E027-0FDF-4B51-9149-592FEB5A9237}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C76042BC-91F1-4037-BC38-7C7D3AC0DF38}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CFFF1E65-D4BC-4973-B64E-948290342501}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2ECB7E9-5950-4AC0-A42C-EF76DBBB9C76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5E76075-5D6A-46B1-A8AF-03A061A41D73}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DD83E013-1B4B-42B9-B874-BA2382F6D323}" = rport=138 | protocol=17 | dir=out | app=system |
"{F442F423-F230-4212-A3BD-7A56EC0F8D8D}" = lport=139 | protocol=6 | dir=in | app=system |
"{FD66E814-E56B-448E-8875-AAEBAFE56E1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08448839-3E20-407A-8627-E25ED022199C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{11358582-780A-436F-B4F4-D3330DE32EC8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12C316C5-8DA8-490A-A9DB-D727D063CF21}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{1CB55B50-2131-4F43-9E56-7B9A3D79483A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{1F7AFAF5-41A2-4946-A6D3-7C988469AF90}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{2174DBCA-1891-4769-A1E2-A2EA2325F1F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{299DCF7F-3109-49B8-AFE0-187820101276}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{2D919362-D108-4BB0-8164-0539EA00B129}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe |
"{2F61F813-BAAA-417D-BE49-4B284E439612}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe |
"{2FDF33A2-0CE1-4DFB-BB08-EDDB5F243EF1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{36D9C825-C493-4F97-86DD-2E52B5AAB5CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B639335-EAF2-40A3-B152-0BE2068FAFFB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3F45E21F-77F8-4F12-A35D-25733C84B347}" = protocol=6 | dir=in | app=d:\fsetup.exe |
"{4BF48DAF-E88E-4B0E-B32B-8C1DC8641EC9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4CA58B40-3EC6-4C2B-A66A-9716270A3CA2}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{4DBEF5D3-107F-4D19-823A-3316143ED6DD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{4F5E14DD-AA7A-4F72-9250-1A87B698BD4D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{5287390A-8090-4B72-9DDD-DEFD45970805}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe |
"{58B64600-5E26-44AD-B4A5-F1F5A4439F73}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{5FF55B6F-CFA5-42E9-A6DF-07D112FBA2F2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{60B8C299-EB73-4493-AAB9-2E77529077F5}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{6A427348-1396-48F4-A7FB-9D165BE0202F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76837BE6-6420-4924-A997-B7E805541A69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{76B77A97-A080-48C6-8466-DF3E318F52B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{76C6E039-4C70-4CDB-9966-26F91CC521FD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{78F9ECC8-FD43-4717-AB81-B3E5B1C12C59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CBB4109-A228-4256-BABC-B3FE6CC434E5}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{82AA9E7B-679D-4AD3-BE4A-C2A6473B55B1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{896E222E-8BEB-4380-B403-C755ED6F47E5}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe |
"{8D6AC94D-77D1-4275-B8A5-41094D648F15}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{8F49BBE2-9D61-4D09-8347-B6F64DDF854F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{934C4178-5EED-42EE-AD0C-B683BAD31214}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{946F01DC-CA9B-407C-8035-9335DE765979}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{95568745-09ED-4F5A-9808-CC1481E28A76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9AD78029-34C6-463A-9237-AEA94E803D14}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9B58DEAE-403D-49C5-A0CC-6F4A103FA650}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9E7753C6-4B7B-4A0F-91C9-2DBA68FC0D59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FEA9F84-FF75-455F-B250-E273E22E5D45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3AD89C6-D56B-4E9D-88F6-63772FEB29F5}" = protocol=17 | dir=in | app=d:\fsetup.exe |
"{AB8FF451-60A6-4B92-B5BD-5D0B17005AA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFEDD44F-D00C-457D-8791-F37DE1E94F43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B09DAAEB-2AD5-4AD8-925B-F28BE8244BC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5EDDC26-D41F-42E8-B168-4F7EC08423FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B735CC72-CDAB-4351-AD72-5D6AE5F32797}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B7A4F85F-9990-4522-97BA-82A817100BE9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BB8657DD-4FC3-4D1C-B226-97C40B298C45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCD3BBAF-30D0-428E-86BF-176F930A25A9}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{CB737821-224A-442B-ACDB-3477609D1934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CDB2A66C-E55E-41D7-91D8-3EE74FAAD081}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{CFD5B692-2106-466F-B1D0-9646A1F60D3C}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{D275E3F0-1AF0-4EF6-88F2-9BBB46ED3E87}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D3332FD8-5C56-4B73-8CD7-85D49674446B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D63ABC67-8E00-496D-AD94-B3F78F221DBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBFAFB3C-4B61-4B06-B3DC-9586BA818DD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DC1DF673-D402-4927-BE3D-D3477EAB802F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E26ADFEE-3BFB-4AA0-96FC-CFB25752E634}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6FDB3C2-70A6-439B-B408-0E8F86E73447}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E7C63A00-5B5B-4ECA-98F0-2B2D249F6CE8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{EE0BB81D-E351-4CA1-93B0-EE20EB3B5F43}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F4A2622F-3EAB-457D-A5E1-26F1BF7AE77F}" = protocol=6 | dir=out | app=system |
"{F66CC220-A734-4F30-9280-08F279766F5C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FAE1869D-39BA-4BC5-82EE-17C6DD65CB3B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{FBC68AAE-CCB6-4582-88BF-9AFD229893FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{FE827845-5923-493A-98FA-879536DB25EA}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"TCP Query User{09197238-8542-440E-919E-4B443CE97764}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{0C5DEF60-44BD-44AE-AA7E-67205FEE9FEE}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{0D0511E2-73A1-4DCF-9963-8AB03CAB2CA2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{21B37AD3-14C7-412E-9FAC-7A72345A2416}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{365D0F19-C201-47D9-AA5F-01B791CF004A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{3E44E4A8-E491-4BFD-A64E-0310F8D1BBA9}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{9AF6ADBE-AC6A-4284-A2B2-BF9536EC1A26}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{9BF5522C-507A-4D90-8109-7FA2D477A3A7}C:\users\frank\downloads\maestia-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\frank\downloads\maestia-downloader(1).exe |
"TCP Query User{D36A002D-11ED-4DCC-92D0-866FEA435BA1}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{DB9F5B3A-3D20-459F-9C71-4583C2C80C65}C:\users\frank\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\frank\downloads\maestia-downloader.exe |
"TCP Query User{EC73549D-CF8A-4A10-80E7-FD4217DA2930}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{EEE1D85D-6AA3-4941-B078-A17063113583}D:\d-link.exe" = protocol=6 | dir=in | app=d:\d-link.exe |
"UDP Query User{44C7A380-E6C1-43AB-A61F-C001CB880F18}C:\users\frank\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\frank\downloads\maestia-downloader.exe |
"UDP Query User{591D3E77-D290-4345-86AF-90391012DF48}C:\users\frank\downloads\maestia-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\frank\downloads\maestia-downloader(1).exe |
"UDP Query User{7B51892A-DD7D-4694-A7BA-8BB1E06135BF}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{7B7DF927-7D6F-4262-95CB-463077739C45}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{993AD3F8-6681-4CC8-AD46-4D949F688F12}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{9A99AA8C-DC7E-43AB-A0A7-56C4D98F9EE8}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{A85102DB-78CE-4983-B85E-4ABAB1766CE2}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{C508D110-21B6-476B-A660-5834D9254E16}D:\d-link.exe" = protocol=17 | dir=in | app=d:\d-link.exe |
"UDP Query User{C567A00E-2FF7-406C-BFE3-A82AC26E2F00}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{DE3CB284-7450-47DF-9406-B683B3F00219}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{E412DA07-514C-445A-9B79-260C72B89A38}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{F83908CB-674C-4AC9-AEC1-E997D6CB02C1}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442
"{479B309B-E6B4-4947-8B83-472CF4272582}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SearchAnonymizer" = SearchAnonymizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B1E8FA3-32BB-4902-AF7E-B9D9DAD6A675}" = Trust Webcam 16175
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DB7AE42C-695D-4D36-A8FA-31A1C6454436}" = Nokia PC-Internetzugang
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"GameSpy Arcade" = GameSpy Arcade
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Inkscape" = Inkscape 0.48.2
"InstallShield_{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"IrfanView" = IrfanView (remove only)
"LG Internet Kit" = LG Internet Kit
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"mmssetup_is1" = MixMeister Studio Demo 7.3.2
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Internet Access" = Nokia PC-Internetzugang
"Origin" = Origin
"PartyPoker" = PartyPoker
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.10.2011 00:05:34 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.10.2011 00:06:27 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.10.2011 10:26:54 | Computer Name = Admin-PC | Source = Windows Installer 3.1 | ID = 921877
Description =
Error - 28.10.2011 10:30:39 | Computer Name = Admin-PC | Source = Windows Installer 3.1 | ID = 921877
Description =
Error - 28.10.2011 11:43:55 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =
Error - 28.10.2011 11:49:29 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =
Error - 28.10.2011 13:10:20 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.0.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: cc0 Anfangszeit: 01cc9592d87a4f80 Zeitpunkt der Beendigung:
218
Error - 28.10.2011 13:30:17 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 28.10.2011 13:30:18 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 28.10.2011 13:31:32 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 06.07.2012 02:25:26 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =
Error - 06.07.2012 02:25:50 | Computer Name = Admin-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker HP Deskjet 3070 B611 series nicht
unter dem Namen HP Deskjet 3070 B611 series freigeben. Fehler: 2114. Der Drucker
kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error - 06.07.2012 02:26:22 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 06.07.2012 14:23:48 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 06.07.2012 14:24:51 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 07.07.2012 06:55:33 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =
Error - 07.07.2012 06:55:33 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =
Error - 07.07.2012 09:58:58 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 07.07.2012 10:32:58 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =
Error - 07.07.2012 10:32:59 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =
< End of report >
So, weiter weiß ich nicht mehr! Hoffe ihr könnt mir helfen! LG - Claudia Geändert von maeusuruh (07.07.2012 um 16:02 Uhr) |
| Themen zu Mystart.incredibar entfernen |
| administrator, anti-malware, appdata, audacity, autostart, blöde, computer, computern, dateien, durchgeführt, entfernen, erfolgreich, explorer, gelöscht, gen, heuristiks/extra, heuristiks/shuriken, install.exe, intranet, launch, leute, malwarebytes, plug-in, preferences, progressive, quarantäne, richtlinie, roaming, searchscopes, service, service pack 2, software, soooo, speicher, test, version, version., vista, visual studio |
Baum-Darstellung