Log analysis and evaluation: also BRD Trojan (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
also BRD Trojan

Hello, I have just caught the BRD Trojan as well. There is quite a lot going on here in the forum, so I am apparently not the only one with this problem! Anyway, I had the OTL files created in safe mode. However, I did not tick the boxes for the LOP and Purity checks for the scan. Is this necessary? Here is the scan:

OTL logfile created on: 26.07.2012 00:58:38 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Helen\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,16% Memory free 3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 43,13 Gb Free Space | 43,13% Space Free | Partition Type: NTFS Drive D: | 350,74 Gb Total Space | 233,61 Gb Free Space | 66,60% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Helen\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBSvc) -- C:\Program 
Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech ) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=641eba1a000000000000f46d04554a99 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=641eba1a000000000000f46d04554a99 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=641eba1a000000000000f46d04554a99&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 20:48:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 20:48:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Extensions [2012.07.16 11:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions [2012.03.30 12:57:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.14 15:44:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions\ffxtlbr@babylon.com [2012.07.13 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla 
Firefox\extensions [2012.07.19 20:48:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\Helen\AppData\Local\Microsoft\Windows\2564\TapiMigPlugin.exe () O4 - Startup: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Helen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A2AAD8-9B24-494D-B295-24A3B151F6A5}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - 
(SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 00:56:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe [2012.07.25 23:59:32 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\hellomoto [2012.07.16 18:21:33 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9C485454-6208-4F37-B22E-29809535D682} [2012.07.16 18:21:20 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{D19777FF-C7F6-4956-A21A-98D937501ACB} [2012.07.16 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{43DCBD8F-EC83-4600-9D44-9D2A80841C88} [2012.07.16 16:35:25 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{D21CF5EF-47AD-428E-96E1-093D86B024D3} [2012.07.16 16:35:14 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{CE529AFA-2002-400B-90F4-1331865A1009} [2012.07.16 16:35:03 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{97B602B2-F2C5-4D5F-BC9D-CC23104B6741} [2012.07.16 16:34:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{B711FC83-F6DF-445D-BB7A-067D37F4BEDC} [2012.07.16 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{2179FFC6-159D-41BC-8F11-D31B17251352} 
[2012.07.16 16:34:09 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9762F804-DCC3-49B3-B74E-6889238B7F9A} [2012.07.16 16:33:56 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{05631721-F9B6-4D09-BC68-1CAB50D3F382} [2012.07.13 22:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.13 22:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.07.13 22:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.07.13 19:29:04 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{8ECDA36E-4D20-4B0E-AA54-63BCAB1D35DD} [2012.07.13 19:28:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{22B3DA65-3602-4BF5-B333-80408130AE3A} [2012.07.13 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{0BDC0BAE-A6DE-4797-83A0-6F51CC78DB32} [2012.07.13 18:31:45 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{C01BF31B-2150-4C9E-B2C9-279173BDEF68} [2012.07.11 12:33:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012.07.11 12:33:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012.07.11 12:33:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012.07.11 12:33:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012.07.11 12:33:02 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012.07.11 12:33:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012.07.11 12:32:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012.07.11 12:29:47 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012.07.11 08:47:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll [2012.07.11 08:47:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\msxml3r.dll [2012.07.11 08:47:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll [2012.07.10 21:06:05 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe [2012.07.10 19:34:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\Desktop\konrAD [2012.07.10 09:39:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{7186AC0E-83B3-4104-887A-A98322D1398A} [2012.07.10 09:39:24 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9C373695-9223-4461-80BF-31A9875FCEA7} [2012.07.05 13:03:17 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\elsterformular [2012.07.05 13:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.07.05 13:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.07.05 13:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular [2012.07.05 13:01:21 | 060,109,528 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Helen\Desktop\ElsterFormular-13.2.0.8623p.exe [2012.06.29 12:25:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{FC320FD4-E6C1-4A4D-B013-1EB273427876} [2012.06.29 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{DDCA012F-EB82-4813-9691-5F03C5E3C4FE} [2012.06.29 12:25:30 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{BEDC29ED-343C-4171-B498-6054A8746F66} [2012.06.29 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{1EEEB591-D49D-48C7-AB2A-708346C5EFDD} [2012.06.29 09:59:57 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9BB38683-5647-4982-9D95-6C99095780AA} [2012.06.29 09:59:47 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{4D3F5D6C-7CDB-4F92-BCC1-7039217B61EA} [2012.06.29 09:59:36 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{25389F5B-3A8E-4A29-8A83-60D21F8EBBA6} [2012.06.29 09:59:25 | 000,000,000 | ---D | C] -- 
C:\Users\Helen\AppData\Local\{EF02060F-E687-4CD9-B187-96D59ED23EC8} [2012.06.29 09:59:14 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{C4518C95-6D89-4BBD-B302-9E7A3F272793} [2012.06.29 09:59:01 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{A18BEA2C-507E-4189-856F-C285D5B573AE} [2012.06.26 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Helen\Desktop\orga [2012.06.26 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9196A4AC-C4F2-46F8-8B26-904DF2810473} [2012.06.26 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{01594283-E840-404A-B25D-3A6EC5559BF8} ========== Files - Modified Within 30 Days ========== [2012.07.26 01:01:42 | 003,932,872 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.07.26 01:01:42 | 001,611,648 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.07.26 01:01:42 | 001,177,688 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.07.26 01:01:42 | 001,050,940 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.07.26 00:56:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe [2012.07.26 00:55:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.07.26 00:54:56 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys [2012.07.26 00:36:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 00:36:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 00:21:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.07.13 22:43:11 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.12 12:21:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012.07.12 12:21:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- 
C:\windows\System32\FlashPlayerCPLApp.cpl [2012.07.11 18:32:34 | 000,410,064 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.07.05 13:02:46 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.07.05 13:01:45 | 060,109,528 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\Helen\Desktop\ElsterFormular-13.2.0.8623p.exe ========== Files Created - No Company Name ========== [2012.07.13 22:43:11 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.13 22:43:10 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.05 13:02:46 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.06.03 15:39:55 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat [2012.06.03 15:39:55 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini [2012.06.03 15:39:54 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat [2012.06.03 15:39:54 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat [2012.06.03 15:39:54 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat [2012.06.03 15:39:54 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat [2012.06.03 15:39:54 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat [2012.06.03 15:39:54 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat [2012.06.03 15:39:54 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat [2012.06.03 15:39:54 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat [2012.06.03 15:39:54 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat [2012.06.03 15:39:54 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat [2012.06.03 15:39:54 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat [2012.06.03 15:39:54 | 000,001,136 | ---- | C] () -- 
C:\windows\System32\EPPICPresetData_ES.dat [2012.06.03 15:39:54 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat [2012.06.03 15:39:54 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat [2012.06.03 15:39:54 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat [2012.06.03 15:39:54 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat [2012.06.03 15:39:54 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat [2012.06.03 15:29:29 | 000,000,025 | ---- | C] () -- C:\windows\CDEBX300DEFGIPS.ini [2012.04.16 21:12:24 | 000,000,126 | ---- | C] () -- C:\windows\System32\AF15IRTBL.bin [2011.09.09 16:42:56 | 000,000,154 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\default.rss [2011.09.09 15:19:29 | 000,002,684 | ---- | C] () -- C:\Users\Helen\Nero StartSmart Essentials.lnk [2011.09.09 14:54:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2011.09.09 14:53:27 | 000,001,104 | ---- | C] () -- C:\Users\Helen\E-Manual.lnk [2011.04.15 20:20:34 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe [2011.04.15 20:20:33 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2011.04.15 20:18:36 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.04.15 20:16:20 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2011.04.15 20:16:18 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys [2011.04.15 20:15:55 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat [2011.04.15 20:15:55 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.15 20:15:53 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini [2011.04.15 20:08:43 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2011.04.15 20:05:03 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2011.04.15 20:05:03 | 000,000,008 | ---- | C] () -- 
C:\windows\System32\drivers\rtkhdaud.dat [2011.02.16 12:41:17 | 003,932,872 | ---- | C] () -- C:\windows\System32\perfh007.dat [2011.02.16 12:41:17 | 001,177,688 | ---- | C] () -- C:\windows\System32\perfc007.dat [2011.02.16 12:41:17 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2011.02.16 12:41:17 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010.07.29 09:43:10 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys < End of report >

And here is the scan from the Extras file:

OTL Extras logfile created on: 26.07.2012 00:58:38 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Helen\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,16% Memory free 3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 43,13 Gb Free Space | 43,13% Space Free | Partition Type: NTFS Drive D: | 350,74 Gb Total Space | 233,61 Gb Free Space | 66,60% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02128961-31FB-49BE-8773-A97FA0FF2C4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{04E8382A-5C52-428E-8120-51D89D2DB4ED}" = rport=445 | protocol=6 | dir=out | app=system | "{0A563FD1-D31D-490C-8383-A4BF73FE71B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0E9B0BEC-17DA-4C1A-ABCA-7E956692A681}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1EA21E7F-937E-41D0-B3EB-DFBA44AFE75C}" = lport=10243 | protocol=6 | dir=in | app=system | "{1EBC79DA-C9E5-44A0-B221-8CAA2414CC1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{2284C6CD-9471-4ABB-B4BF-43DDA9C822B5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D815D21-F39F-4275-80A8-3E72C18BBD43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2FFE8166-F0A6-44A4-8D85-BB45E52365C7}" = lport=139 | protocol=6 | dir=in | app=system | "{3D4A268E-ABF6-4001-AE4D-20F2C800F4B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3F5DF7FC-452D-4F0E-96C5-D3FBFDFFE32F}" = rport=137 | protocol=17 | dir=out | app=system | "{57AA23D8-2CEC-40DF-B872-1B8E44DFDAFA}" = rport=138 | protocol=17 | dir=out | app=system | "{5978F86D-636B-4342-AA70-9F010CA1ED27}" = lport=137 | protocol=17 | dir=in | app=system | "{5AF7B3A7-81ED-4096-8AEB-06924F5304EE}" = lport=445 | protocol=6 | dir=in | app=system | "{665C269A-AE69-4A8E-AB78-2CBC7F989D48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68F6EB20-9121-41E8-82BB-80918D92AA38}" = rport=139 | protocol=6 | dir=out | app=system | "{857D4AAB-C549-4AE7-ACAE-F2CCCF402F7A}" = rport=10243 | protocol=6 | dir=out | app=system | "{98C3B615-51ED-4F87-9F9F-3E72B0ABB51E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9B234762-AD68-46D8-9F24-D1838135701A}" = lport=2869 | protocol=6 | dir=in | app=system | "{A4487380-8E51-4C1A-B1D5-67DCD93F7CC5}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{AFAB807C-04A0-4F53-9588-B6678C89A34C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BE20F2BD-F3E5-4E31-BF1A-2DB78179EE1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BEF4B8A2-8E52-41C7-BDB9-89A2FD1C8539}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA8EAA85-4E7F-49E7-A0B5-660CEECBE1C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EA7754F1-4F99-4E39-AFC0-6EF6649A2761}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{EC1CB879-1CB1-4B7C-B99F-936E753566BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F22CF440-3F8E-41DE-9C77-67CE35D19913}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F415D6D7-D0B8-4154-A336-59CBA44B072A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00EC0A11-AABC-44FB-9134-FB47C33612D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0B9062F3-2E9C-46D3-9FD8-B7B7139488EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0CD9809E-D50B-4661-9EF3-0D0B543FDA15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1ABD58F4-4DB4-4C8E-9841-57DD917128CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1E426BA7-70F9-4F14-9DF2-386A91F7DFA7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{20353FD6-4B63-4BC3-B423-083C5DD8AE31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{205703C7-D530-4CCA-A549-C320EDC7F033}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3B5FFC27-7FA7-470D-BF00-469F6B732739}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3EC4549B-B19D-476E-9552-73DA66C7D173}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3F380DD3-7467-4A22-8AEF-85D9805F9AFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{427BAA16-CB47-4944-B762-78C37F76E1F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{49F66FE2-6BB9-4E98-AB27-F02B83B23A20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5661CC1A-7D8D-4462-88BF-22E7CF96E5A3}" = protocol=17 | 
dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "{5EEE7F49-0B1B-4A4B-BE9D-97E7577EEC16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{665B855C-EEDF-485F-8E65-4388F298F98B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BEBA761-6B55-4D27-8FA5-3E5ADD51281B}" = protocol=6 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "{96EE3C52-51C2-4288-836D-C438CA2A0F96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{97A96353-DB5A-4BEB-B902-9921C5DB1C9C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BD4AFB2E-7894-4AF6-83C5-7404C2D4FC1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3CCE8DB-1D6C-4720-B047-B2F114033E4A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CEA8B43F-D862-486A-807D-10BBDD419972}" = protocol=6 | dir=out | app=system | "{DB2B2FA9-A041-4930-B868-8474AAD0BEA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DBFE2052-60C9-47F0-87D9-455336C93F1D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E8995C65-AADD-4399-99F2-97C39BC86FEC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ED4D9000-7018-41DC-ACC7-9B084E62D77D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F0319BEE-8098-48E2-9401-48DCBFB02A51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{0D61D9D1-DB3A-4E85-9AC9-291ABF3A84F8}C:\program files\tuloxfreewbf\freedict.exe" = protocol=6 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | "TCP Query User{0FBC53B3-BD51-413A-8608-F1BA6C8A4740}C:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{B37667F7-C174-4537-87C0-068382AF110E}C:\program 
files\tuloxfreewbf\freedict.exe" = protocol=6 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | "TCP Query User{C2D7BB05-CB57-43F5-ACFE-5236DF48995D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{A6688AED-3598-4F65-861C-AC57F98BFD8B}C:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{D1035AD5-D6F9-4338-9ECF-5C2698C57ECE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{D63FAF2F-B63B-48C0-8CFA-1494E8FD748C}C:\program files\tuloxfreewbf\freedict.exe" = protocol=17 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | "UDP Query User{F7E0936C-1A1E-4A52-83A8-AF6ED8D2FF59}C:\program files\tuloxfreewbf\freedict.exe" = protocol=17 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety "{0f5aaa71-64ab-43bb-afdf-2282f9c211bf}" = Nero 9 Essentials "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help 
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = 
Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}" = uMedia uTV "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card 
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 
2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources "{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie 
Maker "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety 
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "dm-Fotowelt" = dm-Fotowelt "Eee Docking_is1" = Eee Docking 3.8.3 "ElsterFormular 13.2.0.8623p" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch "fotokasten comfort_is1" = fotokasten comfort 4.4 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.07.2012 17:18:11 
| Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 08.07.2012 17:18:11 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 19.03.2012 23:28:12 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 20.03.2012 06:47:42 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 20.03.2012 11:13:25 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Avira AntiVir Guard" wurde nicht richtig gestartet. 
Error - 20.03.2012 11:13:31 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
Error - 21.03.2012 03:06:04 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
Error - 21.03.2012 14:03:56 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
Error - 21.03.2012 23:28:00 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report >

I hope I can be helped too.