Pests of all kinds and how to fight them: Advertising in the background, possibly KaZy.Mekml1., half removed, OTL logs attached

Windows 7
#1

Advertising in the background, possibly KaZy.Mekml1., half removed, OTL logs attached

Hello,

Yesterday, in the middle of some relaxed surfing, it started: music in the background (a Beck's advert, then some kind of babbling), the HDD reports errors via an ominous fake Windows tool, Avira raises the alarm, and the desktop as well as files under Windows (Vista) are hidden...

I then got the whole thing under control for the time being with Malwarebytes as well as Unhide and CCleaner, enough to be able to back up my data. The error messages are gone, and most of the malware probably is too... Only the background sounds are still there... Now and then a crashed Windows Internet Explorer script reports via popup that a script error has occurred on some "gossipcenter.com" page and asks whether I want to continue running the script, but the rest is OK for now...

How do I now get the remaining traces of this stuff off the system? (It is going to be wiped anyway, but this really gets in the way of backing up the data, etc., and I want to be on the safe side that nothing "migrates over" with it.)

The OTL logs are attached, the Malwarebytes logs too...

Many thanks in advance for any help!

OTL logs (additionally attached as a file; please don't ask me why it says Run 3, these are the only logs I made, just now):

Code:
ATTFilter OTL logfile created on: 23.04.2011 14:23:53 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\abakus\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,27 Gb Total Space | 4,26 Gb Free Space | 1,94% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 0,27 Gb Free Space | 2,66% Space Free | Partition Type: NTFS Computer Name: LAPTOPDELL | User Name: abakus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\abakus\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Windows\OEM04Mon.exe (Creative Technology Ltd.) PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) 
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.) PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.) PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ========== Modules (SafeList) ========== MOD - C:\Users\abakus\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (OEM04Vid) -- C:\Windows\System32\drivers\OEM04Vid.sys (Creative Technology Ltd.) DRV - (OEM04Vfx) -- C:\Windows\System32\drivers\OEM04Vfx.sys (EyePower Games Pte. Ltd.) 
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (CH341SER) -- C:\Windows\System32\drivers\CH341SER.SYS (www.winchiphead.com) DRV - (TfBulk) -- C:\Windows\System32\drivers\TfBulk.SYS (Topfield (visit www.topfield.co.kr)) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI) DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI) DRV - (CYGF32X) -- C:\Windows\System32\drivers\CygF32x.sys (Cygnal Integrated Products) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080226 IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.crc-oberkirch.de/\r" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "192.168.0.1" FF - prefs.js..network.proxy.gopher: "192.168.0.1" FF - prefs.js..network.proxy.http: "192.168.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.0.1" FF - prefs.js..network.proxy.ssl: "192.168.0.1" FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\components [2011.04.13 19:19:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\plugins [2011.03.23 22:16:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.02.21 12:26:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 
3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.21 12:26:48 | 000,000,000 | ---D | M] [2010.08.31 19:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abakus\AppData\Roaming\mozilla\Extensions [2010.08.31 19:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abakus\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.22 22:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions [2010.05.03 20:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.23 20:41:40 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} [2011.04.06 23:14:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.30 15:14:21 | 000,009,837 | ---- | M] () -- C:\Users\abakus\AppData\Roaming\Mozilla\Firefox\Profiles\k40y2snm.default\searchplugins\ddl-search-v2.xml [2011.04.21 21:23:06 | 000,000,944 | ---- | M] () -- C:\Users\abakus\AppData\Roaming\Mozilla\Firefox\Profiles\k40y2snm.default\searchplugins\icqplugin.xml [2009.10.10 00:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009.11.03 13:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} O1 HOSTS File: ([2010.11.16 00:55:56 | 000,000,035 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 212.117.163.43 search.yahoo.com O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe 
Systems Incorporated) O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AKInstallerReboot_737957895F8E4FFAA14D70ED252AE1A9] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [cleanmgr] File not found O4 - HKLM..\Run: [Copy Handler] File not found O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [DellSupportCenter] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupportCenter] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Bilder\Auto-Bilder\Focus ST\Belichtungsreihe\ST - Hintergrund Lappi.jpg O24 - Desktop BackupWallPaper: C:\Bilder\Auto-Bilder\Focus ST\Belichtungsreihe\ST - Hintergrund Lappi.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\Shell - "" = AutoRun O33 - MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\Shell\AutoRun\command - "" = F:\sources\sperr32.exe x64 O33 - MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\Shell - "" = 
AutoRun O33 - MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O33 - MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\Shell - "" = AutoRun O33 - MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: cmdkwwiz - (C:\Windows\system32\ieUnfmon.dll) - File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.23 02:43:30 | 000,000,000 | ---D | C] -- C:\Users\abakus\AppData\Roaming\Malwarebytes [2011.04.23 02:43:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.23 02:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.23 02:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.23 02:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.23 02:30:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\abakus\Desktop\OTL.exe [2011.04.23 01:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.04.23 01:24:37 | 000,000,000 | ---D | C] -- 
C:\Program Files\CCleaner [2011.04.18 03:22:17 | 000,000,000 | ---D | C] -- C:\Resize [2011.04.14 21:50:07 | 000,000,000 | ---D | C] -- C:\Win7 [2011.04.13 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\abakus\Desktop\Sortieren [2011.04.13 03:18:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.13 01:21:34 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 01:21:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 01:21:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 01:21:27 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 01:21:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 01:21:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 01:21:06 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 01:21:05 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 01:21:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 01:21:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.13 01:21:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.13 01:21:00 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 01:20:56 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 01:20:56 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.02 22:56:44 | 000,000,000 | ---D | C] -- C:\Panorama [2011.04.01 15:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castle Link [2010.06.23 16:28:20 | 000,719,832 | ---- | C] 
(Mozilla Foundation) -- C:\Program Files\mozcpp19.dll [2010.06.23 16:28:20 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe [2008.08.30 19:12:02 | 011,773,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll [2008.08.30 19:12:01 | 000,492,504 | ---- | C] (sqlite.org) -- C:\Program Files\sqlite3.dll [2008.08.30 19:11:58 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll [2008.08.30 19:11:58 | 000,089,048 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll [2008.08.30 19:11:57 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcrt19.dll [2008.08.30 19:11:55 | 000,107,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe [2008.03.11 19:23:26 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll [2008.03.11 19:23:26 | 000,343,000 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll [2008.03.11 19:23:26 | 000,245,208 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe [2008.03.11 19:23:26 | 000,203,736 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll [2008.03.11 19:23:26 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll [2008.03.11 19:23:26 | 000,142,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll [2008.03.11 19:23:26 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll [2008.03.11 19:23:26 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll [2008.03.11 19:23:26 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll [2008.03.11 19:23:26 | 000,018,904 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll [2008.03.11 19:23:25 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll [2008.03.11 19:23:24 | 000,912,344 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe [2008.03.11 19:23:24 | 000,019,416 | ---- | C] 
(Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll ========== Files - Modified Within 30 Days ========== [2011.04.23 14:27:59 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.23 14:27:59 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.23 14:27:59 | 000,131,194 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.23 14:27:59 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.23 14:22:42 | 000,002,445 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2011.04.23 14:22:36 | 000,253,438 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.04.23 14:22:27 | 000,253,438 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.04.23 14:21:45 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.23 14:21:42 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.23 14:21:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.23 14:21:16 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys [2011.04.23 14:20:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.23 02:43:26 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 02:39:54 | 000,504,657 | ---- | M] () -- C:\Users\abakus\Desktop\unhide.exe [2011.04.23 02:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\abakus\Desktop\OTL.exe [2011.04.23 01:24:42 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.22 22:32:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D0DE1368-97FE-4ED4-8B8E-B1693F7AF537}.job [2011.04.18 03:25:00 | 000,000,600 | ---- | M] () -- C:\Users\abakus\AppData\Roaming\winscp.rnd [2011.04.18 03:17:39 | 000,161,792 | ---- | M] () -- 
C:\Users\abakus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.17 00:50:22 | 000,001,000 | ---- | M] () -- C:\Users\abakus\Desktop\CastleLink V3.29.0.lnk [2011.04.13 04:10:46 | 001,809,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.01 15:47:14 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\CastleLink V3.29.0.lnk ========== Files Created - No Company Name ========== [2011.04.23 14:08:57 | 3756,044,288 | -HS- | C] () -- C:\hiberfil.sys [2011.04.23 02:51:35 | 000,504,657 | ---- | C] () -- C:\Users\abakus\Desktop\unhide.exe [2011.04.23 02:43:26 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 01:24:42 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.17 00:50:22 | 000,001,000 | ---- | C] () -- C:\Users\abakus\Desktop\CastleLink V3.29.0.lnk [2011.04.01 15:48:58 | 000,000,323 | ---- | C] () -- C:\Users\abakus\AppData\Local\CastleLinkProps.dat [2011.04.01 15:47:14 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\CastleLink V3.29.0.lnk [2011.03.23 22:16:43 | 000,011,666 | ---- | C] () -- C:\Program Files\updates.xml [2011.03.23 22:16:43 | 000,000,057 | ---- | C] () -- C:\Program Files\active-update.xml [2010.08.08 15:54:08 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.08.04 17:03:40 | 000,000,110 | ---- | C] () -- C:\Program Files\fjhdyfhsn.bat [2010.08.04 17:03:19 | 000,000,020 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\bawuho.dat [2010.07.22 00:45:01 | 000,000,115 | ---- | C] () -- C:\Program Files\dependentlibs.list [2010.01.26 20:56:48 | 000,172,600 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2010.01.25 21:55:05 | 000,000,073 | ---- | C] () -- C:\Windows\Altair.INI [2010.01.14 21:38:03 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.12.11 16:11:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2009.12.11 16:11:00 | 000,000,858 | ---- | C] () -- C:\Windows\unins000.dat 
[2009.11.10 02:53:24 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.09 20:42:29 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.11.03 12:43:00 | 000,000,478 | ---- | C] () -- C:\Program Files\nssdbm3.chk [2009.10.10 00:29:08 | 000,005,493 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.10.08 10:25:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.08 10:25:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.30 23:22:49 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.30 23:22:48 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.07.24 00:38:32 | 000,253,438 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.07.24 00:38:32 | 000,253,438 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.07.22 12:26:46 | 000,000,003 | ---- | C] () -- C:\Program Files\update.locale [2009.06.22 21:57:33 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini [2009.06.22 21:56:12 | 000,000,099 | ---- | C] () -- C:\Windows\Realflight.INI [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | 
---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.04.26 19:14:39 | 000,000,728 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\DriveCalculator Preferences [2008.11.06 00:07:37 | 000,000,600 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\winscp.rnd [2008.08.30 19:11:58 | 000,016,246 | ---- | C] () -- C:\Program Files\removed-files [2008.08.30 19:11:58 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini [2008.08.30 19:11:55 | 000,004,296 | ---- | C] () -- C:\Program Files\crashreporter.ini [2008.08.30 19:11:55 | 000,000,705 | ---- | C] () -- C:\Program Files\crashreporter-override.ini [2008.08.30 19:11:51 | 000,004,496 | ---- | C] () -- C:\Program Files\blocklist.xml [2008.08.30 19:11:51 | 000,002,129 | ---- | C] () -- C:\Program Files\application.ini [2008.08.16 19:32:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.05 20:53:35 | 000,000,552 | ---- | C] () -- C:\Users\abakus\AppData\Local\d3d8caps.dat [2008.03.24 13:25:17 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini [2008.03.15 18:13:22 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.03.15 18:13:21 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.03.15 18:13:14 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.03.11 23:03:50 | 000,001,202 | ---- | C] () -- C:\Windows\mozver.dat [2008.03.11 19:24:06 | 000,000,000 | ---- | C] () -- C:\Program Files\.autoreg [2008.03.11 19:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.03.11 19:23:29 | 000,000,701 | ---- | C] () -- C:\Program Files\updater.ini [2008.03.11 19:23:29 | 000,000,220 | ---- | C] () -- C:\Program Files\browserconfig.properties [2008.03.11 19:23:26 | 001,018,328 | ---- | C] () -- C:\Program Files\js3250.dll [2008.03.11 19:23:26 | 000,031,393 | ---- | C] () -- C:\Program Files\LICENSE [2008.03.11 19:23:26 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk [2008.03.11 19:23:25 | 
000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk [2008.03.06 23:28:48 | 000,175,014 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\nvModes.001 [2008.03.06 23:28:44 | 000,175,014 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\nvModes.dat [2008.03.06 22:05:00 | 000,161,792 | ---- | C] () -- C:\Users\abakus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.26 05:51:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.02.26 05:50:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.25 22:08:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008.02.25 21:57:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.07.25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 17:33:31 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,131,194 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 001,809,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat 
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\abakus\skull_logo.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Visual Studio 2008:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Version Cue:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Sony Ericsson:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\RealFlight G4:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\RCT3:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\OneNote-Notizbücher:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\NFS SHIFT:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Meine Paletten:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Video_deluxe_16_Download-Version:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Speed2_burnR_mxcdr:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Screenshare:Roxio EMC Stream @Alternate Data Stream - 76 
bytes -> C:\Users\abakus\Documents\MAGIX Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\KMPlayer:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\ImTOO Software Studio:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Corel:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Bioshock:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Anno 1404:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\AdobeStockPhotos:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Adobe Scripts:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Desktop\Sortieren:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Program Files\SuBi:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Modellbau:Roxio EMC Stream @Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} < End of report > Code:
OTL Extras logfile created on: 23.04.2011 14:23:53 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\abakus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 4,26 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 0,27 Gb Free Space | 2,66% Space Free | Partition Type: NTFS

Computer Name: LAPTOPDELL | User Name: abakus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Svc\S-1-5-21-2451145638-1982524823-2130488400-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{238C2A9A-5CE5-465B-B1C6-0CDF7CA006D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2940F504-1954-4FA1-B1A7-41F39EDCEEA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2B46D42B-5A88-4559-9B4E-325C1A4A4F11}" = rport=10243 | protocol=6 
| dir=out | app=system | "{2EB8256B-F78D-4FB1-9E81-C2B517BE4822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{66A844EC-69E7-4779-B593-2BE19990D811}" = lport=2869 | protocol=6 | dir=in | app=system | "{7B487717-4534-4062-89C1-F2DA093C0AD0}" = lport=10243 | protocol=6 | dir=in | app=system | "{B37C2C97-D26A-4529-839B-8D509AD80912}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C028A73C-5398-4B1A-A39D-08196F4A9659}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DB959ABA-DBCF-42C0-8938-0AFE94EADBF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DE676EA-39C0-442E-8DCE-9A7539D7A5CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0F6236FE-4B5D-442A-9984-452503FA4379}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{105BCD5E-A222-4DB1-9264-2051F1D1205C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{13D4555F-30A3-460C-9DC7-9EAC61344A43}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{160C5103-3007-4EF6-91F7-0FD40947D2CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{18D42D4F-4F9C-47F8-832B-18A6DEF2EF1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{292A9302-2C4C-4443-BF2A-CB9D5D39B6CB}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "{3582933E-FBBE-4646-9ADE-CDFC33607848}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{37EA8649-46CA-4899-A029-291B25AE2D63}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\semc omsi module\semc omsi module.exe | 
"{39A22E71-04C3-48B1-ABB4-30E522529CE3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{449B9DAC-534E-47CD-89EC-66053AC3E62D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4536F702-C816-47C1-B84F-537D1D1B8F43}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{48BD8565-30CE-444B-9B27-6E2536801F40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{53B233D3-E0FD-4FC9-9110-B69BF332812E}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{645111C7-D256-4A49-9C83-877376734784}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{65C9BD6B-CFAC-40E6-B8F7-DDBE726A17F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7406E7CE-C275-442D-ABE7-6CC26D377E46}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7609130E-9453-4481-B45E-ABCC5F99E6BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{76C5A276-87CA-4D1A-9A0C-AEC7DD645446}" = dir=in | app=c:\program files\itunes\itunes.exe | "{7D52F021-1551-4D49-8FC9-E581D0311376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{824F2DFF-AF80-45B7-A470-67EB80B3AFDB}" = protocol=6 | dir=out | app=system | "{97C2F876-D8C5-44D3-A26F-8A91F68AA7AA}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "{9B529FB8-B20F-457A-AE3E-FC315EEA7DD3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | "{A02AECFC-AE58-4D55-8821-0E6F3BC1AACD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A89D069D-9782-467B-B4FB-B4B34329EC70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ADCE5659-C685-4226-9076-DF64BA9CEE97}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{AE1655B2-4D32-47E5-99F6-A695161F2D9E}" = 
protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B46AEF4C-FE7C-41AC-A9AD-6C72585014BB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{B96C951C-C32B-4C51-AB3A-B3497D04C25F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{C224466E-2977-4733-B85C-D25A1D6C85A9}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "{C27D3795-1D13-4A89-B5CA-F514CD078509}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{C2D94260-5F87-43F4-B2EA-CDA1DC9A259D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C52E59B2-989A-4DBB-8DD9-22DEB0BE881A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{C6A779AE-4AD3-439E-9AF9-82A3B1BAA3D2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{E12C20D1-0D8F-431B-B2A1-92E69AE66D85}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{E63ED4C9-6BE7-4CE6-8019-A14ECFD692FA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\semc omsi module\semc omsi module.exe | "{E6D6E4AB-79FE-4E5A-8AFA-87870E3AF8AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EAE395E2-050B-4AB4-B4C4-244E36AB8CC1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{EB9AA9A3-117E-44C0-98CA-5F0EEAEEB670}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{F9213CB3-C5DE-4216-AD49-49D712B325B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB57D9CE-4CEB-4157-934B-3B3F8A1D9861}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{FEC37177-C375-414E-96A6-FB89ADDD5DA4}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{923A4C69-6327-470E-AFA5-9086925D448B}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program 
files\abc\abc.exe | "TCP Query User{9F6FC0B6-A266-42A7-B475-7DA473E9FE48}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{BB8A7718-B360-49C3-B0BA-7D46F4BB4770}C:\games\nexuiz\nexuiz\nexuiz.exe" = protocol=6 | dir=in | app=c:\games\nexuiz\nexuiz\nexuiz.exe | "TCP Query User{BBF64915-5658-4C2A-9D7F-AA119EB7A054}C:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe | "TCP Query User{C8541742-0FD8-49CA-8E0F-BC56439BB9EC}C:\users\abakus\desktop\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\users\abakus\desktop\world of padman\wop.exe | "TCP Query User{DEAD958A-2DC3-465B-AA63-172E1FF064E0}C:\games\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\games\world of padman\wop.exe | "TCP Query User{E09EF945-0388-40CC-82BF-E4F3E464886F}C:\program files\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox.exe | "UDP Query User{3B2D5A9D-D9AB-40C1-B41E-2D4E6C850CDF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | "UDP Query User{5439E6C1-2893-4AB4-81B2-E354C21EDEA2}C:\games\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\games\world of padman\wop.exe | "UDP Query User{665FD235-994E-444D-B2D3-906451C60ED8}C:\users\abakus\desktop\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\users\abakus\desktop\world of padman\wop.exe | "UDP Query User{B9EC4F7C-C1DB-4D78-9D82-11BFCC08E40B}C:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe | "UDP Query User{C34FBE9B-1917-4EE3-A228-16EE33D3247A}C:\games\nexuiz\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\games\nexuiz\nexuiz\nexuiz.exe | "UDP Query User{DD2C0A8B-CE5D-4CCD-B3FE-D4510C278A34}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe 
| "UDP Query User{FEB1906F-860A-40A3-84C5-7EE6DF3CCE3B}C:\program files\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! 
Cam Avatar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW 
Graphics Suite X5 - Draw "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73795789-5F8E-4FFA-A14D-70ED252AE1A9}" = LogView 2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 
Redistributable - KB2467175 "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{AD188724-A159-49CB-81CA-E6ECDF067391}" = Castle Link "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BBBAAD3E-0B95-496E-A939-F54309F26856}_is1" = Genius "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files 
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011) "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454 
"ImTOO iPhone Ringtone Maker" = ImTOO iPhone Ringtone Maker
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Movies2iPhone" = Movies2iPhone .74b
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"Mp3tag" = Mp3tag v2.44
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3_is1" = Photomatix Pro version 3.0.3RC2
"ProInst" = Intel(R) PROSet/Wireless Software
"RealFlightG4Pro" = RealFlight G4 R/C Simulator
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool
"SLABCOMM&10C4&EA60" = CP210x USB to UART Bridge Controller
"SynTPDeinstKey" = Dell Touchpad
"TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay
"Trillian" = Trillian
"VLC media player" = VLC media player 0.9.8a
"WinISD beta" = WinISD beta
"winscp3_is1" = WinSCP 4.1.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinSetupFromUSB" = WinSetupFromUSB

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2011 08:39:54 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13806

Error - 15.04.2011 08:39:56 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.04.2011 08:39:56 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15475

Error - 15.04.2011 08:39:56 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15475

Error - 16.04.2011 14:24:31 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16.04.2011 14:24:31 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 107090505

Error - 16.04.2011 14:24:31 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 107090505

Error - 16.04.2011 14:24:32 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16.04.2011 14:24:32 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 107091628

Error - 16.04.2011 14:24:32 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 107091628

[ Media Center Events ]
Error - 18.04.2008 06:18:27 | Computer Name = LaptopDell | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

[ System Events ]
Error - 09.09.2008 21:03:23 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7000
Description =

Error - 09.09.2008 21:04:24 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7009
Description =

Error - 09.09.2008 21:04:24 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7000
Description =

Error - 09.09.2008 21:04:58 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7009
Description =

Error - 09.09.2008 21:04:58 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7000
Description =

Error - 09.09.2008 21:13:45 | Computer Name = LaptopDell | Source = HTTP | ID = 15016
Description =

Error - 14.09.2008 10:06:10 | Computer Name = LaptopDell | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.09.2008 um 16:04:53 unerwartet heruntergefahren.

Error - 14.09.2008 10:06:14 | Computer Name = LaptopDell | Source = HTTP | ID = 15016
Description =

Error - 14.09.2008 10:06:52 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7026
Description =

Error - 11.10.2008 19:24:21 | Computer Name = LaptopDell | Source = DCOM | ID = 10010
Description =

< End of report >

Edited by StartUp (23.04.2011 at 14:00)