
Pests of all kinds and how to fight them: Chatzum and yontoo: how do I get this off my computer again?


 
15.10.2012, 12:20   #1
daup
 



I seem to have caught ChatZum and Yontoo.
Since I have Win7, I can only disable IE.
So deleting and reinstalling the browsers does not work.

How do I get rid of both?
I would be grateful for help.

OTL:
Code:
 OTL logfile created on: 14.10.2012 22:15:50 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrea\Desktop\Roland
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,44% Memory free
6,00 Gb Paging File | 4,94 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 66,20 Gb Free Space | 11,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,20 Gb Free Space | 16,03% Space Free | Partition Type: FAT32
Drive E: | 1,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.13 21:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\Roland\OTL.exe
PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.05.23 08:18:11 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\real\realplayer\Update\realsched.exe
PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Programme\dradio-Recorder\phonostarTimer.exe
PRC - [2012.02.14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcfgex.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 01:15:34 | 006,124,744 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2009.01.04 16:26:16 | 000,028,672 | ---- | M] (AVEO) -- C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Programme\dradio-Recorder\phonostarTimer.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.10.20 15:28:44 | 000,045,056 | ---- | M] () -- C:\Programme\AVEO USB2.0 PC Camera\AVEOCamSDK.dll
MOD - [2008.08.27 16:32:36 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 11:53:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.05.19 15:05:22 | 000,081,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe -- (avmident)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.25 09:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\System32\ksupmgr.exe -- (ksupmgr)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.01.18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.02.16 18:31:25 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 19:25:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.17 19:25:26 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.05.29 11:26:18 | 000,076,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV84.sys -- (SSHDRV84)
DRV - [2010.03.15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.09.08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008.08.25 04:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 20:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\Filme
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.arcor.de/login/
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D00AE851-0E1E-441E-BFF5-67D19C7B84B5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{CB406FCE-1FFD-42EA-8DFC-CC93D851104F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{D00AE851-0E1E-441E-BFF5-67D19C7B84B5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrea\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 08:17:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.07 10:48:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.12 09:51:00 | 000,000,000 | ---D | M]
 
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Feeds] C:\Windows\System32\oobe\info\FEEDS.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9875F34-6A0B-4D57-963C-A430B6AA4A44}: NameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.11.12 18:00:43 | 000,000,071 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a8d53147-e8f1-11de-9091-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a8d53147-e8f1-11de-9091-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2008.10.06 09:34:50 | 000,635,696 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.10.08 20:39:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Winamp
[2012.10.08 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.10.05 15:32:19 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\ProtectDisc
[2012.09.30 13:25:36 | 000,244,680 | ---- | C] (Salfeld Computer) -- C:\Windows\System32\wdrvhook.dll
[2012.09.28 11:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
[2012.09.28 11:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2012.09.24 21:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.09.22 09:21:29 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\DVD_VR
[2012.09.19 16:14:40 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Macromedia
[2012.09.19 08:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012.09.19 08:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ChatZum Toolbar
[2012.09.19 07:49:48 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Mozilla
[2012.09.19 07:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.19 07:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 22:14:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.10.14 22:07:54 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 22:07:54 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 22:01:10 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2012.10.14 22:00:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\excltmp~.dat
[2012.10.14 22:00:47 | 000,001,309 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2012.10.14 22:00:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.14 22:00:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 22:00:31 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 21:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 21:48:30 | 700,465,148 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.14 21:47:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.13 22:05:41 | 000,000,000 | ---- | M] () -- C:\Users\Andrea\defogger_reenable
[2012.10.13 20:48:39 | 000,428,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.13 18:41:23 | 097,271,295 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.10.13 18:32:16 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.13 11:54:00 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000A65.LCS
[2012.10.12 15:41:19 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 15:41:19 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 15:41:19 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.12 15:41:19 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 20:39:58 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.10.08 17:43:24 | 000,001,786 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.10.06 18:50:01 | 000,203,300 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.10.06 15:19:47 | 000,101,420 | ---- | M] () -- C:\Users\Andrea\Documents\Geburtstagseinladung Wiebke 2011.odt
[2012.10.05 16:06:32 | 004,692,959 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060598.JPG
[2012.10.05 16:06:02 | 004,642,136 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060597.JPG
[2012.10.02 18:04:18 | 000,011,100 | ---- | M] () -- C:\Users\Andrea\Desktop\Arbeitsplan Lima1.ods
[2012.10.01 12:16:36 | 000,000,582 | ---- | M] () -- C:\NET.INI
[2012.09.30 20:14:08 | 000,618,081 | ---- | M] () -- C:\Users\Andrea\Desktop\Einladung.pdf
[2012.09.30 18:28:45 | 000,053,617 | ---- | M] () -- C:\Users\Andrea\Desktop\Auto wert Ulrich.JPG
[2012.09.26 18:24:48 | 000,066,048 | ---- | M] () -- C:\Users\Andrea\Desktop\Frauenfreizeit_2012_Themen[1].aww
[2012.09.26 17:22:33 | 005,877,367 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060525.JPG
[2012.09.25 22:40:54 | 000,061,925 | ---- | M] () -- C:\Users\Andrea\Desktop\perlhuhn2.JPG
[2012.09.25 22:30:19 | 000,079,088 | ---- | M] () -- C:\Users\Andrea\Desktop\Keramik_Perlhuhn_810.jpg
[2012.09.18 18:00:43 | 000,030,092 | ---- | M] () -- C:\Users\Andrea\Desktop\chatprotokolle matthias.odt
[2012.09.18 16:00:37 | 000,010,477 | ---- | M] () -- C:\Users\Andrea\Desktop\testdruck.odt
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 08:49:25 | 700,465,148 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.13 22:05:41 | 000,000,000 | ---- | C] () -- C:\Users\Andrea\defogger_reenable
[2012.10.13 20:59:23 | 000,001,417 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.13 20:48:26 | 000,428,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.12 10:02:53 | 000,011,528 | ---- | C] () -- C:\Users\Andrea\Desktop\2012_Grilleinteilung.pdf
[2012.10.08 20:39:58 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.10.06 18:06:50 | 004,642,136 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060597.JPG
[2012.10.06 18:06:39 | 004,692,959 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060598.JPG
[2012.10.06 15:19:45 | 000,101,420 | ---- | C] () -- C:\Users\Andrea\Documents\Geburtstagseinladung Wiebke 2011.odt
[2012.10.05 15:32:20 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000A65.LCS
[2012.10.02 18:04:10 | 000,011,100 | ---- | C] () -- C:\Users\Andrea\Desktop\Arbeitsplan Lima1.ods
[2012.10.01 10:35:01 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2012.09.30 20:14:05 | 000,618,081 | ---- | C] () -- C:\Users\Andrea\Desktop\Einladung.pdf
[2012.09.30 18:28:45 | 000,053,617 | ---- | C] () -- C:\Users\Andrea\Desktop\Auto wert Ulrich.JPG
[2012.09.26 18:24:47 | 000,066,048 | ---- | C] () -- C:\Users\Andrea\Desktop\Frauenfreizeit_2012_Themen[1].aww
[2012.09.26 06:40:18 | 006,804,499 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060526.JPG
[2012.09.26 06:40:18 | 005,877,367 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060525.JPG
[2012.09.26 06:39:25 | 006,993,253 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060527.JPG
[2012.09.25 22:40:53 | 000,061,925 | ---- | C] () -- C:\Users\Andrea\Desktop\perlhuhn2.JPG
[2012.09.25 22:39:40 | 000,079,088 | ---- | C] () -- C:\Users\Andrea\Desktop\Keramik_Perlhuhn_810.jpg
[2012.09.19 16:14:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.18 18:54:52 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.18 18:00:41 | 000,030,092 | ---- | C] () -- C:\Users\Andrea\Desktop\chatprotokolle matthias.odt
[2012.09.18 16:00:35 | 000,010,477 | ---- | C] () -- C:\Users\Andrea\Desktop\testdruck.odt
[2012.09.07 12:05:54 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.04 10:15:36 | 000,000,582 | ---- | C] () -- C:\Windows\wiso.ini
[2011.12.07 19:09:54 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2011.12.07 19:09:54 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2011.12.07 19:09:54 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2011.12.07 19:09:54 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2011.12.07 19:09:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.12.07 19:05:47 | 000,001,360 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.09.21 21:33:58 | 000,000,296 | ---- | C] () -- C:\Windows\{EF79E2B2-35E7-431B-A51F-8B507F9C647D}_WiseFW.ini
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.05.31 17:36:37 | 000,155,536 | ---- | C] () -- C:\Windows\System32\dllcinx.exe
[2011.05.31 17:36:36 | 000,000,600 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.03.15 10:36:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2011.03.15 10:34:44 | 000,000,179 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.03.15 10:34:44 | 000,000,141 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.03.15 10:34:42 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys.VIRUS
[2010.12.07 20:26:10 | 000,000,342 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\wklnhst.dat
[2010.03.29 19:43:57 | 000,000,155 | ---- | C] () -- C:\Users\Andrea\.appletviewer
[2010.03.12 10:14:48 | 000,000,673 | ---- | C] () -- C:\Users\Andrea\Andrea - Verknüpfung.lnk
[2010.02.12 14:34:42 | 000,010,240 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 22:27:52 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.01.08 22:07:23 | 000,000,680 | RHS- | C] () -- C:\Users\Andrea\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.02.26 21:02:01 | 000,000,000 | -HSD | M] -- C:\Users\Andrea\AppData\Roaming\.#
[2012.09.27 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Audacity
[2012.04.21 10:43:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG2012
[2012.01.04 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Buhl Data Service
[2012.04.10 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\cerasus.media
[2012.10.05 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Cornelsen
[2010.10.29 23:07:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Der Planer 4
[2012.08.16 20:14:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
[2011.02.01 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.04 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Free Download Manager
[2012.01.20 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\FRITZ!
[2010.11.20 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\GetRightToGo
[2010.05.28 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Haufe
[2010.03.29 21:19:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ICAClient
[2010.01.21 09:07:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Lexware
[2012.02.22 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient
[2012.05.28 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient2
[2010.01.21 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\OpenOffice.org
[2011.10.27 12:07:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\phonostar GmbH
[2012.10.05 15:32:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ProtectDisc
[2012.09.07 12:06:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Salfeld
[2010.05.30 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\saveTV
[2010.12.07 20:26:11 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Template
[2011.05.16 14:09:59 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Timerle
[2010.09.28 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Ulead Systems
[2011.03.12 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Wildlife Park 2
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
 
OTL Extras logfile created on: 13.10.2012 22:07:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrea\Desktop\Roland
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,70% Memory free
6,00 Gb Paging File | 4,65 Gb Available in Paging File | 77,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 43,41 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,20 Gb Free Space | 16,03% Space Free | Partition Type: FAT32
Drive E: | 1,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 1863,01 Gb Total Space | 255,98 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
 
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20E5F1BA-F514-42B6-8A1E-7B79C1304FFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{219DF56D-34F0-4BDA-90AE-4D20D3FD3946}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{535D3C00-FA66-4641-8429-5F5AE95D41BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62397B7C-5A6E-44F6-B026-F318579CFAE2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{965C47DE-0A18-4A8E-9FA8-483771D6327E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE89FEE2-4FB0-4C8F-A013-86EEF451D6DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA317BEF-6779-4114-A639-E7336EE5EE46}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E10F16CF-DA90-4713-BDC5-FAFBB2391BE8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EE2D3AC8-1F8D-47C2-A380-C45FEC329422}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FBE645F6-1E82-4BC7-82C4-156C927C860E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD6D6A0C-4CB2-4BB2-B30E-C8A1A2A067AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1200E553-A82E-4718-9EA5-F3D5649DA10B}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{14153FAE-84C3-410F-AA7B-83458C44AA84}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1599D108-5182-4872-8554-D2DE1901FA5C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{162C9747-2FE2-47E3-AC11-2D9DE98A7902}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CAA5504-F377-45D8-AFDF-5ACDA58BCC20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1CFC3663-1E68-4330-86CE-707E3644BA97}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{1EF1CF0A-A07B-404F-A497-B450F9F43604}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1FCC9E3A-7523-4ACC-9E19-8941187EF8DB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{2603E283-0FB4-4449-A4D9-172B2A718541}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{2BA27A4F-E548-4CA0-8BE7-4FA4D30EFB3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2FEED980-19A2-4C90-9833-067CE67227A8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{3EDF99DD-BEC3-4246-B44E-8B35CAF22609}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4057EF47-C7AE-4E95-A371-4425DA2011F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45AFBBC2-ABB2-488F-94CB-4C2A036E1475}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{48EBC8ED-E59F-4532-827B-7CB447C097FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50D39E27-C70E-4145-A84A-482560366F48}" = dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"{555384F5-71E2-4EDB-BBB1-281D7FC2B6AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{58D2201E-C62C-429A-A250-643C79618AA5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{602B1342-750D-4644-833A-D07D74323D9A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{60F203D9-53E7-40D7-BB71-E7ACD7946405}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{6410C904-2E48-441A-9C50-0024788CB28F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6E580A85-352C-432B-89B8-C08D89954E6A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6EB854F6-976C-462C-B421-EB55F5F86971}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{7499F2C7-32AD-4FC4-B585-7F2F09E4D7D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{796EF2F4-FE94-43C7-8C7C-2AC34A1E32DE}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{82FDCCB2-76B1-41B1-AEC2-7F064848852E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AC7BC77-1038-423A-B350-5E9F29CEC8D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91BF6C7D-2FA9-411E-865D-E1205BC28690}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9C7B5180-6806-49C6-91AF-B9AA0E9812A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A41C9408-5BAF-4AD4-80F8-850D65221515}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{A5FE3C51-1B02-48E2-B88C-14F3EA292E21}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{A6E48282-3C1B-4810-8943-F96A11E2184D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B0C3A773-1C6A-4189-A020-2358E04B98EE}" = protocol=6 | dir=out | app=system | 
"{B1C746FE-6885-45D3-9213-E97CC8C3A6E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4F27669-61DF-4A61-8CE3-296B3A5CEE30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCD289DA-24A6-474C-A13E-117AAFCC938E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BFEBA121-1854-4099-95AC-7B2C187BAE8C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BFFFB145-98DA-4D5F-B6F8-F44BDC1CA988}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C31C4C82-6FD3-428E-974E-8C09E59AC0BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C7DE92D3-F416-4CBC-9684-B9084A9E6C5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDA8A57D-9B14-41E5-BF70-B22FF53B9123}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{CE531381-2412-4212-998F-2C2B5DCF0A1C}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{D1AA70FB-6B1A-435C-AA0E-0FE009C3B0FC}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{D20AB7EA-56DF-484B-9CC7-6B285F5D27A7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{DADB21F5-2C01-4E8B-A4A3-1897C8BE6B7C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{DAE711A3-1187-4335-A77C-FBD2777BEE1A}" = protocol=6 | dir=in | app=c:\program files\fritz!box-kindersicherung\avmident.exe | 
"{DD9F8B3C-D2A2-4A94-8567-7CD2FF8339CC}" = protocol=17 | dir=in | app=c:\program files\fritz!box-kindersicherung\avmident.exe | 
"{DFB211E7-501A-4303-9149-B1E42B065754}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{E14C4F88-62BD-49A9-8EE0-A856507599A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{E376A292-99DD-47D6-8707-7057FE7B3F6A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FB7759AD-C439-4679-98C2-1C3B4AFA1D3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{4428C8FC-34EA-4A39-BA91-F30370B931F0}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
"TCP Query User{71990E24-9CBD-4FC9-AF2F-84942EAD726F}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{7B476CCE-AA50-41FF-A954-08F1ED085980}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
"TCP Query User{85698A35-67F4-4699-AFA9-25B6E3AFCAAF}C:\program files\numnumspiel\numnumserver.exe" = protocol=6 | dir=in | app=c:\program files\numnumspiel\numnumserver.exe | 
"TCP Query User{B426F009-7925-409F-9869-B8842B10C5E8}C:\program files\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"TCP Query User{C7D8B56C-FC65-4149-B1A1-16CD89C291A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{E1920361-AA57-484E-9933-613C478C91CD}C:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"UDP Query User{0BB8B13D-3807-4C91-9709-106B12630003}C:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"UDP Query User{1FD90EE5-0F6F-4594-89A6-58F304F2DCE0}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
"UDP Query User{4BEB0E3D-249A-4DDD-B033-04B18992615B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{56058492-0AF8-4183-9E3A-A01FCD216BE2}C:\program files\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"UDP Query User{6C0A69EE-72CC-4409-8AA5-FA3CD57B211A}C:\program files\numnumspiel\numnumserver.exe" = protocol=17 | dir=in | app=c:\program files\numnumspiel\numnumserver.exe | 
"UDP Query User{CAFC0AB5-B880-486C-988E-B9A4486406A6}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{FAC3A5D8-2958-4F1A-890A-BA8E65ADAAFF}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{011D3ED9-1829-48F5-A22F-3B10A886B262}" = English Coach 21 1
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{06b2b7ed-809a-44e6-8538-ca0f5b74ecc4}.sdb" = CVE-2012-1889
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{09CB31A8-584F-4BC4-8151-B626A023E604}}_is1" = TOPP Vorlagen-Druckstudio (3490)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0D06066D-69E5-4B7E-8409-86F221E7AEFA}" = Octava SD4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0FCEE1FB-C48F-421C-B4C1-B952F1B67617}" = Actio multimedial
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200" = Canon iP4200
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{151FFC5F-ADE2-4CC3-AB0B-D9F8EB3FBF7A}" = Wildlife Park 2
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C3DEAF-801D-4C3E-9826-E62EE16DB7AB}" = phase6_18
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2588022D-38FB-4335-9B3D-B76B7F244A5C}" = Langenscheidt Vokabeltrainer 4.0 Englisch (OEM)
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29447369-6968-4e86-a208-603f6f0771a6}.sdb" = CVE-2012-1889
"{2C09B3BC-47CF-49B7-8EC6-7F12C72D252F}" = NVIDIA PhysX
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3574F326-3F29-4182-8566-3E2E3A667041}" = WinPhysik XXL
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{381D847E-7E56-4E82-B261-F799E0F40EB4}" = PHOTOfunSTUDIO 4.0 HD Edition
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40D5AB10-F3E0-4A3E-B59A-25BE077EBD11}" = Cornelsen Kalender
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4496D5D4-7658-4889-A447-7521876050C4}" = WinMathematik 2.0 XXL
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E4E15DD-6CE6-4AAD-81EC-F8A9C0D83449}" = Vokabeltrainer-Update 4.0.19
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2009
"{511C626A-66BB-4E4D-8A23-5E8D52B8FA32}" = Mathica
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7235252A-39A3-4889-AF58-18B82040310E}" = AVEO USB2.0 PC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C459192-BBB7-446C-9DC8-E502E02FEB51}_is1" = Timerle 1.04
"{804ED550-B39F-474D-AC6C-49C35511F14D}" = Wildlife Park 2 Patch 2.00
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{90D1201F-2B53-45A5-B940-B7DE21B995FC}" = Duden Rechtschreibtrainer
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2FCDB3C-F9D1-40CE-B2BD-DE471930C483}" = English Coach 21 Band 2
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A8EC9CBD-35FF-44A1-913A-DE676CE0D876}" = Entdecken! Lernen! Wissen! Der menschliche Körper
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0507
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B59E14F6-B241-42C2-B626-9F41FD1DCD6D}" = Playway 4 Rainbow Edition
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}" = Crazy Machines - Neues aus dem Labor
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DA10D8B2-E38E-4374-9288-15B41DA1BBF3}" = Corel Home Office
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF79E2B2-35E7-431B-A51F-8B507F9C647D}" = AVM FRITZ!Box-Kindersicherung
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{f300e352-12de-4e7f-ace3-a376874402b6}.sdb" = CVE-2012-1889
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8151A23-1B3D-4D6E-9904-30D279AABB47}" = Stadtrallye
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Alfons Lernwelt" = Alfons Lernwelt
"Audacity_is1" = Audacity 2.0
"AVG" = AVG 2012
"Blitzrechnen " = Blitzrechnen 
"Blitzrechnen 1+2" = Blitzrechnen 1+2
"BlueJ_is1" = BlueJ 2.5.3
"Bridge Building Game" = Bridge Building Game
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"Das Sams" = Das Sams
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"Dogs, Cats & Friends_is1" = Dogs, Cats & Friends
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Forte Free" = Forte Free 2.0
"Forte Standard" = Forte Standard 2.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Fritz und Fertig 4" = Fritz und Fertig 4
"GUT 1" = GUT 1
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"Kindersicherung_is1" = Kindersicherung 2012
"MediacoderSE1.1" = MediacoderSE
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NumNumSpiel" = NumNumSpiel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pelikan VA" = Vereinfachte Ausgangsschrift
"Physicus II_is1" = Physicus II ´07
"ProtectDisc Driver" = ProtectDisc Helper Driver
"RealPlayer 15.0" = RealPlayer
"ROBOProFischertechnik" = ROBOPro (fischertechnik) Programm
"S2TNG" = Die Siedler II - Die nächste Generation
"Siedler3Deinstall" = Siedler3
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SolveigMM AVI Trimmer 2.0.1108.18" = SolveigMM AVI Trimmer
"Superbike Racing 2 - from Midas" = Superbike Racing 2 - from Midas
"SuperTux 0.3.3" = SuperTux 0.3.3
"Um die Welt in 80 Tagen_is1" = Um die Welt in 80 Tagen 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"Vereinfachte Ausgangsschrift VA_is1" = Pelikan Schulschriften
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"64ad468768c89317" = Save.TV EasyRecord DownloadManager
"ROBOProFischertechnik" = ROBOPro (fischertechnik) Programm
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2012 13:43:56 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 13:43:56 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 13:43:57 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 13:44:12 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 13:57:34 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 14:13:57 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 14:32:02 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 14:43:56 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 14:49:53 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 14:55:16 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 20.04.2012 00:10:31 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 06:10:31 - Fehler beim Herstellen der Internetverbindung.  06:10:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2012 00:10:40 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 06:10:37 - Fehler beim Herstellen der Internetverbindung.  06:10:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.06.2012 01:35:49 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 07:35:49 - Fehler beim Herstellen der Internetverbindung.  07:35:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.06.2012 01:35:59 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 07:35:54 - Fehler beim Herstellen der Internetverbindung.  07:35:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 13.10.2012 13:58:18 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.10.2012 14:12:30 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 13.10.2012 14:14:39 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 13.10.2012 14:14:39 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.10.2012 14:48:33 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 13.10.2012 14:50:50 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 13.10.2012 14:50:50 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.10.2012 14:53:48 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 13.10.2012 14:55:56 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 13.10.2012 14:55:56 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-15 12:48:39
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000065 WDC_WD64 rev.05.0
Running: gmer.exe; Driver: C:\Users\Andrea\AppData\Local\Temp\uwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeKey [0x9931B004]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeMultipleKeys [0x9931B0D4]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0x9931AD76]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0x9931AE1E]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0x9931AEBA]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0x9931AF56]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                     8327DA49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                       832B74D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1357                                                                                          832BE78C 5 Bytes  [04, B0, 31, 99, D4]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 135D                                                                                          832BE792 2 Bytes  [31, 99]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 139F                                                                                          832BE7D4 4 Bytes  [76, AD, 31, 99]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                                          832BEAA4 8 Bytes  [1E, AE, 31, 99, BA, AE, 31, ...] {PUSH DS; SCASB ; XOR [ECX-0x66ce5146], EBX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 16E3                                                                                          832BEB18 4 Bytes  [56, AF, 31, 99]
.text           C:\Windows\system32\drivers\SSHDRV84.sys                                                                                     section is writeable [0x90852000, 0x233D4, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\SSHDRV84.sys                                                                                     entry point in ".pklstb" section [0x90884000]
.relo2          C:\Windows\system32\drivers\SSHDRV84.sys                                                                                     unknown last section [0x9089A000, 0x8E, 0x42000040]
.reloc          C:\Windows\system32\drivers\acehlp09.sys                                                                                     section is executable [0x916E0780, 0x28F7A, 0xE0000060]
.text           C:\Windows\system32\drivers\ACEDRV06.sys                                                                                     section is writeable [0x91281000, 0x319AA, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV06.sys                                                                                     entry point in ".pklstb" section [0x912C4000]
.relo2          C:\Windows\system32\drivers\ACEDRV06.sys                                                                                     unknown last section [0x912DF000, 0x8E, 0x42000040]
.reloc          C:\Windows\system32\drivers\acedrv09.sys                                                                                     section is executable [0x99288000, 0x4E05A, 0xE0000060]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                       section is writeable [0x992D7300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                       section is writeable [0x9931D300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\real\realplayer\Update\realsched.exe[3756] kernel32.dll!SetUnhandledExceptionFilter                         76A2F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                       avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                      avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004f                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                      avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                     avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
         
AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 15/10/2012 um 12:49:30 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andrea - ANDREA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andrea\Desktop\Roland\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\ChatZum Toolbar
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft
Ordner Gefunden : C:\Program Files\DVDVideoSoft
Ordner Gefunden : C:\Program Files\Yontoo
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
Ordner Gefunden : C:\Users\Andrea\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\League of Legends\AppData\Local\Conduit
Ordner Gefunden : C:\Users\League of Legends\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\League of Legends\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\League of Legends\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\League of Legends\AppData\Roaming\DVDVideoSoft
Ordner Gefunden : C:\Users\League of Legends\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\MAtthias Filme\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\MAtthias Filme\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\MAtthias Filme\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\MAtthias Filme\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Thomas\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\Vokabeln\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Vokabeln\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Wiebke\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Wiebke\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Wiebke\AppData\LocalLow\Toolbar4

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DA7A0DEE-8D1F-4CE7-87A6-9F61D02FB667}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DVDVideoSoft
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51AD1E70-D4E9-4FCC-8215-7BE056D97465}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E20A84E9-935E-4683-8054-1E0CC60B156A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DA7A0DEE-8D1F-4CE7-87A6-9F61D02FB667}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Schlüssel Gefunden : HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/

*************************

AdwCleaner[R1].txt - [8596 octets] - [13/10/2012 21:23:43]
AdwCleaner[R2].txt - [8527 octets] - [15/10/2012 12:49:30]

########## EOF - C:\AdwCleaner[R2].txt - [8587 octets] ##########
         

 
