Trojaner-Board - Weißer Bildschirm bei Windows Vista

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Weißer Bildschirm bei Windows Vista (https://www.trojaner-board.de/127520-weisser-bildschirm-windows-vista.html)

Weißer Bildschirm bei Windows Vista

Hallo zusammen

Ich hab mir auch einen weißen Bildschirm zugelegt (BKA,BIS Trojaner?)
Ich kann mein Notebook im abgesichereten Modus starten,aber nach ca.20 sec. wird der Bildschirm wiedern weiß.
Nun möchte ich aber auf meine Eigenen Dateien wieder zugreifen können um sie extern zu speichern.
Würde mich über die eine oder andere Hilfe wirklich freuen.

gruß eddy

Hi,

Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

hallo schrauber

Bis zur Eingabe notepad bin ich gekommen, aber im geöffneten editor erscheint kein text

ich sehe nur

X:\windows\system32\notepad

gruß eddy

Da erscheint kein Text, du sollst nur Notepad öffnen und direkt auf Speichern Unter gehen, damit Du den Laufwerksbuchstaben vom Stick siehst :)

Hallo schrauber

ich glaub ich habs richtig gemacht

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
Ran by SYSTEM at 28-11-2012 21:57:13
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe" [361120 2010-05-06] (Kaspersky Lab)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe [x]
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
HKU\Ed\...\Run: [CPU_Control] C:\Program Files\CPU-Control\CPU_Control.exe [1004544 2007-06-09] ()
HKU\Ed\...\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [472555 2007-05-02] (SlySoft, Inc.)
HKU\Ed\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Ed\...\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\Windows\TEMP\E_S2906.tmp" /EF "HKCU" [200704 2009-09-13] (SEIKO EPSON CORPORATION)
HKU\Ed\...\Winlogon: [Shell] explorer.exe,C:\Users\Ed\AppData\Roaming\msconfig.dat [71527 2011-11-18] ()
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [132424 2008-11-07] (Apple Inc.)
2 AVP; "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe" -r [361120 2010-05-06] (Kaspersky Lab)
3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
2 TosCoSrv; "c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [x]
2 TOSHIBA SMART Log Service; "c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [73928 2007-04-30] (SlySoft, Inc.)
3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [26240 2004-07-06] (SlySoft, Inc.)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [15440 2007-02-28] (Elaborate Bytes AG)
1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
0 klbg; C:\Windows\System32\drivers\klbg.sys [36880 2009-10-14] (Kaspersky Lab)
1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [311312 2009-11-11] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21520 2009-09-14] (Kaspersky Lab)
3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab)
3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [93344 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-11-28 21:55 - 2012-11-28 21:55 - 00000000 ____D C:\FRST
2012-11-21 13:14 - 2012-11-27 13:35 - 00000047 ____A C:\Users\Ed\AppData\Roaming\msconfig.ini
2012-11-16 13:22 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 13:22 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 13:22 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 13:22 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 13:22 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 13:22 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 13:22 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-16 13:22 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 13:22 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 13:22 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 13:22 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 13:22 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 13:22 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 13:22 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 13:22 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 13:22 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 12:08 - 2012-10-12 06:29 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-15 12:08 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-10-29 12:28 - 2012-10-29 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2012-11-28 21:55 - 2012-11-28 21:55 - 00000000 ____D C:\FRST
2012-11-27 13:36 - 2006-11-02 05:01 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-27 13:36 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-27 13:35 - 2012-11-21 13:14 - 00000047 ____A C:\Users\Ed\AppData\Roaming\msconfig.ini
2012-11-27 13:35 - 2008-08-08 12:44 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-11-27 13:35 - 2008-08-08 12:26 - 00000040 ___SH C:\Users\All Users\.zreglib
2012-11-27 13:34 - 2009-12-25 15:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-27 13:34 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-27 13:34 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-26 13:37 - 2008-08-08 09:20 - 01321107 ____A C:\Windows\WindowsUpdate.log
2012-11-26 13:22 - 2012-04-02 10:15 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-26 13:14 - 2008-01-20 23:16 - 00074090 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-26 13:11 - 2009-12-25 15:51 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-26 11:23 - 2006-11-02 04:52 - 00182021 ____A C:\Windows\setupact.log
2012-11-18 11:31 - 2011-08-25 07:12 - 00000000 ____D C:\Users\Ed\AppData\Local\PokerStars.EU
2012-11-18 10:51 - 2009-10-23 04:17 - 00000000 ____D C:\Users\Ed\Desktop\Download
2012-11-17 10:03 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-16 14:47 - 2006-11-02 04:47 - 00326264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-16 13:30 - 2006-11-02 02:24 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-11-16 13:29 - 2008-02-25 00:51 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 14:27 - 2008-08-08 09:32 - 00000000 ____D C:\users\Ed
2012-11-01 13:55 - 2008-08-12 04:19 - 00000091 ____A C:\Users\Ed\AppData\default.pls
2012-10-29 14:38 - 2012-04-26 22:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-10-29 14:22 - 2010-03-24 09:31 - 00001356 ____A C:\Users\Ed\AppData\Local\d3d9caps.dat
2012-10-29 14:13 - 2012-10-29 12:28 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-14 07:45:21
Restore point made on: 2012-10-17 10:32:16
Restore point made on: 2012-10-26 02:13:05
Restore point made on: 2012-10-30 10:24:27
Restore point made on: 2012-11-06 12:14:24
Restore point made on: 2012-11-11 08:05:28
Restore point made on: 2012-11-13 13:15:39
Restore point made on: 2012-11-16 13:17:39
Restore point made on: 2012-11-20 12:44:51

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 2037.22 MB
Available physical RAM: 1464.95 MB
Total Pagefile: 1777.2 MB
Available Pagefile: 1604.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.3 MB

==================== Partitions =============================

1 Drive c: (Vista) (Fixed) (Total:116.37 GB) (Free:7.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:115.05 GB) (Free:49.22 GB) NTFS
3 Drive e: (5in1) (CDROM) (Total:2.64 GB) (Free:0 GB) CDFS
4 Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
5 Drive g: (READY BOOST) (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datentr ### Status Gr”áe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 233 GB 0 B
1 Online 1928 MB 0 B

Last Boot: 2012-11-26 13:15

==================== End Of Log ============================

gruß eddy

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKU\Ed\...\Winlogon: [Shell] explorer.exe,C:\Users\Ed\AppData\Roaming\msconfig.dat [71527 2011-11-18] ()

2012-11-21 13:14 - 2012-11-27 13:35 - 00000047 ____A C:\Users\Ed\AppData\Roaming\msconfig.ini

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Versuch bitte wieder normal zu booten, wenn das klappt dann das :

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

%windir%\installer\*. /5

%localappdata%\*. /5

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

hallo schrauber
hier nun die Fix log Datei

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2012
Ran by SYSTEM at 2012-11-29 21:16:22 Run:1
Running from G:\

==============================================

HKEY_USERS\Ed\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\Ed\AppData\Roaming\msconfig.ini moved successfully.

==== End of Fixlog ====

gruß eddy

hallo schrauber
hier nun der OTL.txt und der Extra.txt von dem Im Augenblick stabielen und wieder funtionierenden rechner :abklatsch: :taenzer:OTL Logfile:

Code:

OTL logfile created on: 29.11.2012 21:27:34 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ed\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,20% Memory free

4,22 Gb Paging File | 3,27 Gb Available in Paging File | 77,50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,37 Gb Total Space | 7,49 Gb Free Space | 6,44% Space Free | Partition Type: NTFS

Drive E: | 115,05 Gb Total Space | 49,22 Gb Free Space | 42,78% Space Free | Partition Type: NTFS

Drive F: | 2,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,92% Space Free | Partition Type: FAT32

 

Computer Name: EDS-LAPPI | User Name: Ed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.11.29 21:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.12.03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe

PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.29 18:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2007.06.10 08:33:36 | 001,004,544 | ---- | M] () -- C:\Programme\CPU-Control\CPU_Control.exe

PRC - [2007.05.02 14:40:20 | 000,472,555 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe

PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2007.09.13 14:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2007.06.10 08:33:36 | 001,004,544 | ---- | M] () -- C:\Programme\CPU-Control\CPU_Control.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.10.29 21:29:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.10.09 18:22:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)

SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2008.11.04 02:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - [2009.12.25 12:38:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2009.12.25 12:38:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)

DRV - [2009.11.11 17:35:28 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)

DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)

DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)

DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)

DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009.09.14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)

DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)

DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2008.11.04 02:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008.01.21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

DRV - [2007.12.28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.12.26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)

DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007.05.01 02:51:33 | 000,073,928 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)

DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2004.07.06 18:28:31 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKLM\..\SearchScopes,DefaultScope = {7110585A-C72D-4091-A376-3FEBC2FD3FD3}

IE - HKLM\..\SearchScopes\{7110585A-C72D-4091-A376-3FEBC2FD3FD3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.prosieben.de/index.php?icqpath=icq

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{7110585A-C72D-4091-A376-3FEBC2FD3FD3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=145.254.22.10:8000;https=145.254.22.10:8000;ftp=145.254.22.10:8000

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3

FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.44

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855

FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747

FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32

FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.5

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 21:29:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 21:29:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.12.05 22:19:57 | 000,000,000 | ---D | M]

 

[2008.08.09 01:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\Extensions

[2012.11.16 23:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions

[2010.07.02 00:32:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.30 10:21:05 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2010.03.22 13:17:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(18)

[2012.09.16 22:06:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\ich@maltegoetz.de

[2012.11.16 23:51:38 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\extensions\toolbar@web.de.xpi

[2012.10.18 20:56:30 | 000,395,926 | ---- | M] () (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi

[2012.11.16 23:52:03 | 000,000,911 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\11-suche.xml

[2012.11.16 23:52:04 | 000,002,273 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\englische-ergebnisse.xml

[2012.11.16 23:52:03 | 000,010,563 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\gmx-suche.xml

[2012.11.16 23:04:05 | 000,000,944 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\icqplugin.xml

[2012.11.16 23:52:04 | 000,002,432 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\lastminute.xml

[2012.11.16 23:52:03 | 000,005,545 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\webde-suche.xml

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.29 21:29:01 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.29 21:29:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.06.27 20:59:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.17 10:35:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.27 20:59:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.27 20:59:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.27 20:59:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.27 20:59:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [CPU_Control] C:\Programme\CPU-Control\CPU_Control.exe ()

O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found

O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0699E79C-40C3-4090-A909-D15AC37966D0}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CEDDD0-E6B1-49DC-8CE3-B627EE2E125E}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{4a5338cb-efac-11dd-b9f1-001e3348310b}\Shell\AutoRun\command - "" = G:\Menu.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: qagqq - hkey= - key= -  File not found

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.29 21:22:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

[2012.11.29 06:55:48 | 000,000,000 | ---D | C] -- C:\FRST

[2012.11.16 22:37:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010.02.22 12:44:01 | 010,551,855 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeVideoToMp3Converter.exe

[2008.08.08 21:25:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ed\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.29 21:22:34 | 000,061,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.11.29 21:22:34 | 000,015,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.11.29 21:22:34 | 000,013,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.11.29 21:22:34 | 000,007,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.11.29 21:22:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.29 21:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

[2012.11.29 21:18:12 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

[2012.11.29 21:18:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.29 21:17:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 21:17:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 21:17:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.29 21:17:43 | 2134,872,064 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.26 22:11:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.16 23:47:39 | 000,326,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.11.01 14:41:28 | 000,003,066 | ---- | M] () -- C:\Users\Ed\Documents\Rechnung Stadtwerke Sept.2012.pdf

[2012.11.01 14:39:43 | 000,006,300 | ---- | M] () -- C:\Users\Ed\Documents\Stadtwerke Telefon EVN.pdf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.11.27 22:34:28 | 2134,872,064 | -HS- | C] () -- C:\hiberfil.sys

[2012.11.01 14:41:28 | 000,003,066 | ---- | C] () -- C:\Users\Ed\Documents\Rechnung Stadtwerke Sept.2012.pdf

[2012.11.01 14:39:43 | 000,006,300 | ---- | C] () -- C:\Users\Ed\Documents\Stadtwerke Telefon EVN.pdf

[2012.07.29 12:01:26 | 000,073,832 | ---- | C] () -- C:\Windows\System32\SuperFrameSplitter.dll

[2012.07.29 12:01:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RTKDABMWare.dll

[2012.03.20 13:31:18 | 000,438,993 | ---- | C] () -- C:\Users\Ed\Dazendorf 02.jpg

[2012.03.20 13:19:49 | 000,438,993 | ---- | C] () -- C:\Users\Ed\Dazendorf 01.jpg

[2012.01.10 21:45:37 | 000,071,527 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\msconfig.dat

[2011.06.06 21:29:15 | 000,000,001 | ---- | C] () -- C:\Users\Ed\.SIG_PINSTATUS_VOREINSTELLUNG

[2011.06.06 21:29:15 | 000,000,001 | ---- | C] () -- C:\Users\Ed\.SIG_DIALOG_VOREINSTELLUNG

[2011.06.06 21:22:29 | 000,010,231 | ---- | C] () -- C:\Users\Ed\Moglie_elster_2048.pfx

[2011.05.12 14:14:46 | 000,025,769 | ---- | C] () -- C:\Users\Ed\ESt2010_Schneck_Thomaas_und_Schneck_Donja.elfo

[2010.03.24 18:31:44 | 000,001,356 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat

[2009.06.12 19:49:46 | 000,000,313 | ---- | C] () -- C:\Users\Ed\AppData\Local\qagqq_navps.dat

[2009.06.12 19:49:45 | 000,356,378 | ---- | C] () -- C:\Users\Ed\AppData\Local\qagqq_nav.dat

[2009.06.12 19:49:45 | 000,002,896 | ---- | C] () -- C:\Users\Ed\AppData\Local\qagqq.dat

[2009.06.01 22:22:56 | 000,000,085 | ---- | C] () -- C:\Users\Ed\AppData\Local\kkuim.bat

[2009.03.08 17:51:08 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2

[2008.11.25 15:00:37 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\AppData\Roaming\mxfilerelatedcache.mxc2

[2008.11.25 15:00:37 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\AppData\Local\mxfilerelatedcache.mxc2

[2008.11.25 15:00:19 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\mxfilerelatedcache.mxc2

[2008.10.02 13:42:22 | 000,000,000 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\wklnhst.dat

[2008.08.17 06:05:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2008.08.12 14:37:11 | 000,011,114 | ---- | C] () -- C:\ProgramData\MainApp.dll

[2008.08.10 18:24:20 | 000,207,872 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.08.09 02:10:39 | 000,031,007 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\UserTile.png

[2008.08.08 21:26:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.08.08 21:25:41 | 000,081,920 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\ezpinst.exe

[2008.08.08 21:25:41 | 000,007,176 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.cat

[2008.08.08 21:25:41 | 000,001,144 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.inf

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2009.03.02 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Any Video Converter

[2011.07.31 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Awem

[2009.03.08 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Azureus

[2008.11.10 15:55:36 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Buhl Data Service

[2009.04.26 21:03:36 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Cat's Eye Games

[2010.11.24 16:19:40 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\COMPUTERBILD-Abzockschutz

[2012.09.26 05:42:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\CPUControl

[2011.09.05 09:10:11 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\elsterformular

[2011.05.25 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Epson

[2010.06.10 13:38:30 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\GoPal Assistant

[2010.05.18 19:46:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ICQ

[2008.08.14 20:42:29 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ICQ Toolbar

[2010.11.24 14:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\LOADSTREET

[2009.12.16 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\MAGIX

[2012.09.23 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Party

[2008.12.12 08:38:33 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\phonostar-Player

[2008.10.02 13:42:31 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Template

[2008.08.08 21:26:09 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Vso

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2008.10.13 20:17:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2009.10.22 14:52:57 | 000,000,000 | -HSD | M] -- C:\Boot

[2012.11.16 23:45:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2008.08.08 18:28:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2009.08.23 15:59:14 | 000,000,000 | -HSD | M] -- C:\found.000

[2009.08.23 15:59:13 | 000,000,000 | -HSD | M] -- C:\found.001

[2012.11.29 06:55:48 | 000,000,000 | ---D | M] -- C:\FRST

[2009.03.08 17:51:08 | 000,000,000 | ---D | M] -- C:\Intel

[2008.02.25 09:50:17 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.10.29 23:12:34 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.07.29 12:13:07 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2008.08.08 18:28:45 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.12.20 19:12:53 | 000,000,000 | ---D | M] -- C:\Programs

[2012.11.29 21:30:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2009.03.08 17:51:08 | 000,000,000 | ---D | M] -- C:\tb_eula

[2009.03.08 17:51:08 | 000,000,000 | ---D | M] -- C:\Toshiba

[2008.08.08 18:32:19 | 000,000,000 | R--D | M] -- C:\Users

[2012.09.26 05:42:26 | 000,000,000 | ---D | M] -- C:\Windows

[2009.03.08 17:51:05 | 000,000,000 | ---D | M] -- C:\Works

 
 < %PROGRAMFILES%\*.exe >

[2010.01.25 08:57:38 | 010,551,855 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeVideoToMp3Converter.exe

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %windir%\installer\*. /5 >

 
 < %localappdata%\*. /5 >

[2012.11.29 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Local\Temp

 
 <           >

[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 14:01:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009.12.26 00:51:51 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2009.12.26 00:51:51 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012.04.02 19:15:03 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:160ADF0B

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FDF9B285

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5A437AC3
 

< End of report >

--- --- ---

und nun der Extra.txt :crazy: :bussi:
OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 29.11.2012 21:27:34 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ed\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,20% Memory free

4,22 Gb Paging File | 3,27 Gb Available in Paging File | 77,50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,37 Gb Total Space | 7,49 Gb Free Space | 6,44% Space Free | Partition Type: NTFS

Drive E: | 115,05 Gb Total Space | 49,22 Gb Free Space | 42,78% Space Free | Partition Type: NTFS

Drive F: | 2,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,92% Space Free | Partition Type: FAT32

 

Computer Name: EDS-LAPPI | User Name: Ed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" = 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{23CBA2D8-5FD3-4264-9FE2-858101803019}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2838FA41-FB6A-4151-973C-36A30606EDCD}" = lport=139 | protocol=6 | dir=in | app=system | 

"{2AE2D925-710B-453D-8534-182B22B612F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{2EA837EF-19C6-4652-8B43-B941103C242D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{332AAE09-017E-4B02-8400-65BE13229636}" = rport=138 | protocol=17 | dir=out | app=system | 

"{55181543-507E-4B2E-BC99-24A320AE4E0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{5ADC16FB-9D07-407F-B675-D33DF0096BAC}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{61946018-A1FA-45AB-89AC-DBC54195CA86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{654289B7-55A9-4368-BAF9-221A69F73C0A}" = lport=138 | protocol=17 | dir=in | app=system | 

"{77337C51-1C2A-4539-A008-C4C335487B90}" = lport=445 | protocol=6 | dir=in | app=system | 

"{781D1C03-045A-4D2B-8A97-9CF47B45A6CD}" = rport=137 | protocol=17 | dir=out | app=system | 

"{8A275C49-F027-456A-B4E3-529B2BB26112}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{8D1630A5-1F42-4BA7-BA2C-125F6BD348FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{954C74FF-7EAF-4C8A-8309-61C434516E09}" = rport=445 | protocol=6 | dir=out | app=system | 

"{97160D0B-7DDF-4FD4-B9DB-9DB95D0119D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{A32BE353-C461-4C6C-959B-F56AC6E7658D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{ABF4BFB0-AFA8-4432-A954-4EA9663D0D8F}" = lport=137 | protocol=17 | dir=in | app=system | 

"{AF2CDAFA-3F90-431E-95A8-7801639F7196}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{E0BCF921-4EBE-48F3-BBE8-1A9D765FE2F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{EA1BA5A3-CFAA-47F2-990F-F1573913ACFF}" = rport=139 | protocol=6 | dir=out | app=system | 

"{EAA7E085-DA41-46E9-B47A-04A06B11221F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1250897B-3725-461F-BE63-2D016A1D26A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{19025414-5587-43F3-821E-11004FEE90EE}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 

"{2933D072-06EF-48C2-AF93-C668A8FE49F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{4246799A-91D1-4590-BB1C-9873CEEB5723}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{451D604C-A66D-47E6-90F8-E26866E2030B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4D83C7D2-8D9D-448F-8F97-F2E2667DCDAB}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 

"{53FAD7ED-07D5-42E6-A7CC-8F467C062C50}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{77EA3867-ADF6-4B7B-B62A-4E9848B31672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{7AE59B7B-F00E-46D2-95E0-689381DCE13B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{86EAC92A-6CF3-4428-9F2E-991EA287930A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{92F8DB80-388D-40C5-B501-51C87F604513}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9705186C-1DF6-425D-AD7E-E007B2019EFD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{97D3ACC2-44AE-4815-8CC7-406E14076B44}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 

"{A45FCEA6-006A-4DC5-A1BA-21FF2536FBA4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{AA9FDB47-4B87-46E8-B84C-DFCC6AC6EEE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{AAB3787F-1A26-4887-A6C5-B7D7DAC459FC}" = protocol=6 | dir=out | app=system | 

"{AB0C9F51-0EB9-447C-BC46-AC358B20BC64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{ABDB7AA2-DE19-43F8-8A89-F4B37FA96226}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{C0BBD6C1-3E82-4DE6-95BF-0D5255AEA80D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C3084045-27F7-41E0-8A0C-E25775729CDE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 

"{CEB4AEA0-C1E8-4D74-9F0B-2D903824E190}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{DA3A31BE-D643-488E-A90C-6EED8ED4783A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{DB239322-9840-4947-8536-DFB634BD3D10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{DE3A9705-A769-441E-BAB8-8A8332F7EB64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{DE6FE906-2EBA-49F7-8BF0-485B585BD777}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{E8A14E54-89A6-4668-9145-FCF4DF4C608F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{E957616B-7155-4D4C-A330-3CCB2D3DE13E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{ED3F481B-0282-4D5D-B82F-1590F6CEBC01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"TCP Query User{069062CE-C9E1-49B8-8D23-367330CC4CA0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{2E2DDEE6-96BD-4BC8-BDA8-7A615BC171C9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"TCP Query User{50DE3DCF-DC8B-4DC5-BBC3-BF310094B826}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"TCP Query User{5281DCD5-5AC8-470E-A632-687EE57E9DC6}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{556DBCB9-626F-4E44-B53A-46AEC5702800}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{5D01A047-6E1F-4A37-9E61-0A38DA6659AB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{65B5A033-768E-4F74-A182-4A4DB54A9D49}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{679BD986-039E-4AC6-A329-5DCA6F1D80BB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{77CFFBEA-1224-444C-B433-148592D33D15}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"TCP Query User{8321AD38-0AED-43B5-AC5C-3BA39562BE1E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{89D5E875-427F-4C53-B168-C7E48BF5B11B}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 

"TCP Query User{ACFBFBE6-89C7-414A-A7A6-D1E28B9F5F87}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 

"TCP Query User{AD95257A-B80F-474A-A891-B3A0FEBC6E5D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{D0E2482F-4F0A-4148-9380-4D782F28AE5C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"TCP Query User{DD2CDF62-A7DB-49F9-91BB-83D4383BD804}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 

"UDP Query User{04C094B0-B64D-46EF-9297-59CA78119F59}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{4389D1F4-2CBA-402B-802A-7AF528A5CE8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{4D40C1F7-1196-4AB7-B35C-CE6AF80514BE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{50775F97-2CA4-48D0-8B1D-C2D63F2ACCE7}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 

"UDP Query User{64E1044F-9B1F-416E-BD50-D58859A2985A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"UDP Query User{753AD5FC-DD8E-435C-9021-7A3F7B1A0B17}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{C301728B-C448-4C76-803C-526A2BAEBC0D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"UDP Query User{C34F5C5B-965F-48BD-8C47-9AD935672FD2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{E6D16144-CC9D-49D9-BA37-BC011E358BE7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 

"UDP Query User{EAC158E7-595B-457D-AC4E-FF081D8188AE}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 

"UDP Query User{EB3BB088-90CD-48AF-AF92-021051351CDF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"UDP Query User{F22BEBD0-A37F-4687-9B3A-86CDDF3507ED}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{F8CBE681-1F97-40C6-8F72-EEF5CF809B02}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"UDP Query User{F91CEFC5-FB95-40F9-98BB-BBB6E255EB32}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{FE016DDF-A8F7-492F-805E-A5418F1F0F9D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Premium

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password

"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser

"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A7-0407-0000-0000000FF1CE}" = Kalenderdruck-Assistent für Microsoft Office Outlook 2007

"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-2000-0407-0000-0000000FF1CE}" = Microsoft Filter Pack 1.0

"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe

"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Any Video Converter_is1" = Any Video Converter 2.6.7

"AnyDVD" = AnyDVD

"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.50

"CloneCD" = CloneCD

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"CPU-Control_is1" = CPU-Control

"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular-Update

"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender

"EPSON Scanner" = EPSON Scan

"EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series

"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch

"Everest Poker" = Everest Poker (Remove Only)

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder

"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10

"kkuim" = Favorit

"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)

"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)

"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)

"MainApp.exe_is1" = CloneDVD 4.1.0.2

"Medion GoPal Assistant" = Medion GoPal Assistant 4.01.012

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"myphotobook" = myphotobook 3.5

"PartyPoker" = PartyPoker

"Perfect Tools für Vista_is1" = Perfect Tools für Vista 1.00

"PokerStars" = PokerStars

"PokerStars.net" = PokerStars.net

"PrintKey2000" = PrintKey2000

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"YTdetect" = Yahoo! Detect

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 29.07.2010 05:20:20 | Computer Name = Eds-Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 29.07.2010 05:21:32 | Computer Name = Eds-Lappi | Source = WinMgmt | ID = 10

Description = 

 

Error - 29.07.2010 05:24:39 | Computer Name = Eds-Lappi | Source = SecurityCenter | ID = 7

Description = Das Windows-Sicherheitscenter hat ein Drittanbieterprodukt mit einer

 nicht GUID-InstanceId gefunden. InstanceID=956-A9F9-E252435469C0}.

 

Error - 29.07.2010 06:24:16 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3148) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

Error - 29.07.2010 06:24:16 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3148) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

Error - 29.07.2010 08:47:55 | Computer Name = Eds-Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 29.07.2010 08:48:59 | Computer Name = Eds-Lappi | Source = WinMgmt | ID = 10

Description = 

 

Error - 29.07.2010 08:51:17 | Computer Name = Eds-Lappi | Source = SecurityCenter | ID = 7

Description = Das Windows-Sicherheitscenter hat ein Drittanbieterprodukt mit einer

 nicht GUID-InstanceId gefunden. InstanceID=956-A9F9-E252435469C0}.

 

Error - 29.07.2010 08:55:19 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3004) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

Error - 29.07.2010 08:55:19 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3004) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

[ OSession Events ]

Error - 23.01.2010 04:35:52 | Computer Name = Eds-Lappi | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1934

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 18.08.2010 11:59:58 | Computer Name = Eds-Lappi | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 08.09.2010 11:13:55 | Computer Name = Eds-Lappi | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 26.11.2012 15:44:00 | Computer Name = Eds-Lappi | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.11.2012 15:44:00 | Computer Name = Eds-Lappi | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.11.2012 15:44:00 | Computer Name = Eds-Lappi | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.11.2012 16:13:00 | Computer Name = Eds-Lappi | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 26.11.2012 um 20:46:58 unerwartet heruntergefahren.

 

Error - 26.11.2012 16:14:14 | Computer Name = Eds-Lappi | Source = Microsoft-Windows-Bits-Client | ID = 16392

Description = 

 

Error - 27.11.2012 16:59:47 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 16:59:53 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 16:59:57 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 17:00:03 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 17:00:04 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

 

< End of report >

--- --- ---

danke
gruß eddy

Hi,

Alles an Java deinstallieren und aktuelle Version Java 7 Update 9 installieren.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Und ein frisches OTL log bitte.

hallo schrauber

hier nut die txt Datei von adwclaener und ein frischer OTL file

# AdwCleaner v2.010 - Datei am 01/12/2012 um 21:32:40 erstellt
# Aktualisiert am 29/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Ed - EDS-LAPPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ed\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Ed\AppData\Local\qagqq.dat
Datei Gelöscht : C:\Users\Ed\AppData\Local\qagqq_nav.dat
Datei Gelöscht : C:\Users\Ed\AppData\Local\qagqq_navps.dat
Datei Gelöscht : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\pgwkpf9k.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\pgwkpf9k.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qagqq
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\pgwkpf9k.default\prefs.js

Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);

*************************

AdwCleaner[R1].txt - [2295 octets] - [01/12/2012 21:31:58]
AdwCleaner[S1].txt - [1846 octets] - [01/12/2012 21:32:40]

########## EOF - C:\AdwCleaner[S1].txt - [1906 octets] ##########

OTL Logfile:

Code:

OTL logfile created on: 01.12.2012 21:42:33 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ed\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 37,99% Memory free

4,22 Gb Paging File | 2,85 Gb Available in Paging File | 67,53% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,37 Gb Total Space | 8,88 Gb Free Space | 7,63% Space Free | Partition Type: NTFS

Drive E: | 115,05 Gb Total Space | 49,22 Gb Free Space | 42,78% Space Free | Partition Type: NTFS

 

Computer Name: EDS-LAPPI | User Name: Ed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.11.29 21:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

PRC - [2012.10.29 21:29:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe

PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.12.03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe

PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.29 18:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2007.06.10 08:33:36 | 001,004,544 | ---- | M] () -- C:\Programme\CPU-Control\CPU_Control.exe

PRC - [2007.05.02 14:40:20 | 000,472,555 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe

PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.10.29 21:29:17 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2008.03.17 11:19:08 | 000,443,232 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll

MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2007.09.13 14:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2007.06.10 08:33:36 | 001,004,544 | ---- | M] () -- C:\Programme\CPU-Control\CPU_Control.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.10.29 21:29:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.10.09 18:22:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)

SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2008.11.04 02:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - [2009.12.25 12:38:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2009.12.25 12:38:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)

DRV - [2009.11.11 17:35:28 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)

DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)

DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)

DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)

DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009.09.14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)

DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)

DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2008.11.04 02:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008.01.21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

DRV - [2007.12.28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.12.26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)

DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007.05.01 02:51:33 | 000,073,928 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)

DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2004.07.06 18:28:31 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{7110585A-C72D-4091-A376-3FEBC2FD3FD3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.prosieben.de/index.php?icqpath=icq

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{7110585A-C72D-4091-A376-3FEBC2FD3FD3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=145.254.22.10:8000;https=145.254.22.10:8000;ftp=145.254.22.10:8000

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3

FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.44

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855

FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747

FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32

FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.5

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 21:29:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 21:29:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.12.05 22:19:57 | 000,000,000 | ---D | M]

 

[2008.08.09 01:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\Extensions

[2012.11.16 23:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions

[2010.07.02 00:32:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.30 10:21:05 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2010.03.22 13:17:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(18)

[2012.09.16 22:06:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\ich@maltegoetz.de

[2012.11.16 23:51:38 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\extensions\toolbar@web.de.xpi

[2012.10.18 20:56:30 | 000,395,926 | ---- | M] () (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi

[2012.11.16 23:52:04 | 000,002,273 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\englische-ergebnisse.xml

[2012.11.16 23:52:03 | 000,010,563 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\gmx-suche.xml

[2012.11.16 23:52:04 | 000,002,432 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\lastminute.xml

[2012.11.16 23:52:03 | 000,005,545 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\webde-suche.xml

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.29 21:29:01 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.29 21:29:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.06.27 20:59:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.17 10:35:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.27 20:59:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.27 20:59:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.27 20:59:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.27 20:59:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [CPU_Control] C:\Programme\CPU-Control\CPU_Control.exe ()

O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found

O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0699E79C-40C3-4090-A909-D15AC37966D0}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CEDDD0-E6B1-49DC-8CE3-B627EE2E125E}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{4a5338cb-efac-11dd-b9f1-001e3348310b}\Shell\AutoRun\command - "" = G:\Menu.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.29 21:22:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

[2012.11.29 06:55:48 | 000,000,000 | ---D | C] -- C:\FRST

[2012.11.16 22:37:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010.02.22 12:44:01 | 010,551,855 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeVideoToMp3Converter.exe

[2008.08.08 21:25:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ed\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.01 21:40:56 | 000,061,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.12.01 21:40:56 | 000,015,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.12.01 21:40:56 | 000,013,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.12.01 21:40:56 | 000,007,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.12.01 21:36:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.01 21:36:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.01 21:36:27 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

[2012.12.01 21:36:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.01 21:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.01 21:36:07 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.01 21:30:28 | 000,533,705 | ---- | M] () -- C:\Users\Ed\Desktop\adwcleaner.exe

[2012.12.01 21:22:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.01 21:11:32 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.29 21:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

[2012.11.16 23:47:39 | 000,326,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.01 21:30:18 | 000,533,705 | ---- | C] () -- C:\Users\Ed\Desktop\adwcleaner.exe

[2012.11.27 22:34:28 | 2136,961,024 | -HS- | C] () -- C:\hiberfil.sys

[2012.07.29 12:01:26 | 000,073,832 | ---- | C] () -- C:\Windows\System32\SuperFrameSplitter.dll

[2012.07.29 12:01:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RTKDABMWare.dll

[2012.03.20 13:31:18 | 000,438,993 | ---- | C] () -- C:\Users\Ed\Dazendorf 02.jpg

[2012.03.20 13:19:49 | 000,438,993 | ---- | C] () -- C:\Users\Ed\Dazendorf 01.jpg

[2012.01.10 21:45:37 | 000,071,527 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\msconfig.dat

[2011.06.06 21:29:15 | 000,000,001 | ---- | C] () -- C:\Users\Ed\.SIG_PINSTATUS_VOREINSTELLUNG

[2011.06.06 21:29:15 | 000,000,001 | ---- | C] () -- C:\Users\Ed\.SIG_DIALOG_VOREINSTELLUNG

[2011.06.06 21:22:29 | 000,010,231 | ---- | C] () -- C:\Users\Ed\Moglie_elster_2048.pfx

[2011.05.12 14:14:46 | 000,025,769 | ---- | C] () -- C:\Users\Ed\ESt2010_Schneck_Thomaas_und_Schneck_Donja.elfo

[2010.03.24 18:31:44 | 000,001,356 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat

[2009.06.01 22:22:56 | 000,000,085 | ---- | C] () -- C:\Users\Ed\AppData\Local\kkuim.bat

[2009.03.08 17:51:08 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2

[2008.11.25 15:00:37 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\AppData\Roaming\mxfilerelatedcache.mxc2

[2008.11.25 15:00:37 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\AppData\Local\mxfilerelatedcache.mxc2

[2008.11.25 15:00:19 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\mxfilerelatedcache.mxc2

[2008.10.02 13:42:22 | 000,000,000 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\wklnhst.dat

[2008.08.17 06:05:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2008.08.12 14:37:11 | 000,011,114 | ---- | C] () -- C:\ProgramData\MainApp.dll

[2008.08.10 18:24:20 | 000,207,872 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.08.09 02:10:39 | 000,031,007 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\UserTile.png

[2008.08.08 21:26:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.08.08 21:25:41 | 000,081,920 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\ezpinst.exe

[2008.08.08 21:25:41 | 000,007,176 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.cat

[2008.08.08 21:25:41 | 000,001,144 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.inf

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2009.03.02 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Any Video Converter

[2011.07.31 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Awem

[2009.03.08 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Azureus

[2008.11.10 15:55:36 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Buhl Data Service

[2009.04.26 21:03:36 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Cat's Eye Games

[2010.11.24 16:19:40 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\COMPUTERBILD-Abzockschutz

[2012.09.26 05:42:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\CPUControl

[2011.09.05 09:10:11 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\elsterformular

[2011.05.25 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Epson

[2010.06.10 13:38:30 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\GoPal Assistant

[2010.05.18 19:46:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ICQ

[2008.08.14 20:42:29 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ICQ Toolbar

[2010.11.24 14:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\LOADSTREET

[2009.12.16 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\MAGIX

[2012.09.23 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Party

[2008.12.12 08:38:33 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\phonostar-Player

[2008.10.02 13:42:31 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Template

[2008.08.08 21:26:09 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Vso

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:160ADF0B

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FDF9B285

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5A437AC3
 

< End of report >

--- --- ---

gruß eddy

hallo schrauber

ja das hab ich versucht aber nach 2 std.10 min blieb der scan bei 26878 dateien stehen und lief auch nicht weiter

ich werde es noch einmal versuchen

gruß eddy

hallo Schrauber

Und der quik Scan stand bei 18%

gruß eddy

Hi

muß heißen ESET onlinescaner
sorry

Hi schrauber

hier nun das log file

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36194662b795ba489f12966eab9b338c
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-01 11:34:52
# local_time=2012-12-02 12:34:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 63797983 63797983 0 0
# compatibility_mode=5892 16776573 100 100 13333 191935190 0 0
# compatibility_mode=8192 67108863 100 0 9674 9674 0 0
# scanned=26869
# found=2
# cleaned=0
# scan_time=2429
C:\Program Files\Everest Poker\cstart.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Everest Poker\Everest Poker.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36194662b795ba489f12966eab9b338c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-03 12:33:35
# local_time=2012-12-03 01:33:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 63876539 63876539 0 0
# compatibility_mode=5892 16776573 100 100 80702 192013746 0 0
# compatibility_mode=8192 67108863 100 0 88230 88230 0 0
# scanned=207176
# found=11
# cleaned=0
# scan_time=13797
C:\Program Files\Everest Poker\cstart.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Everest Poker\Everest Poker.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Nero\Nero 9\nero94170rld.iso Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Nero\Nero 9\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ed\AppData\Local\Temp\1jfuweif.exe a variant of Win32/Injector.ZIV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ed\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\47f1e1c0-5c29d2e1 a variant of Java/Exploit.CVE-2012-5076.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ed\AppData\Roaming\msconfig.dat a variant of Win32/Injector.ZIV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ed\Desktop\Download\SoftonicDownloader_fuer_picture-converter.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ed\Desktop\Download\SoftonicDownloader_fuer_tinypic.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ed\Downloads\Brennprogs für Vista\Nero 7\Nero-7.8.5.0_deu_setup.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ed\Downloads\Progs\Everest Poker.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I

gruß eddy

Noch Probleme?

Öffne bitte OTL, setze bei Extra Registrierung den Haken bei Benutze Safe List und drücke den Scan Button, poste beide Logfiles.

hi schrauber

Probleme? nein eigentlich nicht das System läuft,aber bei OTL bekomme ich die Meldung im oberen Fensterrand "Keine Rückmeldung" und nach einiger Zeit (ca. 30-40 sec.) Läuft es dann wieder
Genau dies Passiert mit den Fenstern(tabs) wenn ich mit Morzilla Firefox im Internet surfe

hier nun die FilesOTL Logfile:

Code:

OTL logfile created on: 03.12.2012 21:25:24 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ed\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,23% Memory free

4,22 Gb Paging File | 2,99 Gb Available in Paging File | 70,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,37 Gb Total Space | 7,02 Gb Free Space | 6,03% Space Free | Partition Type: NTFS

Drive D: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Drive E: | 115,05 Gb Total Space | 49,22 Gb Free Space | 42,78% Space Free | Partition Type: NTFS

Drive G: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,92% Space Free | Partition Type: FAT32

 

Computer Name: EDS-LAPPI | User Name: Ed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.11.29 21:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe

PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.12.03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe

PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.29 18:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2007.06.10 08:33:36 | 001,004,544 | ---- | M] () -- C:\Programme\CPU-Control\CPU_Control.exe

PRC - [2007.05.02 14:40:20 | 000,472,555 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe

PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2008.03.17 11:19:08 | 000,443,232 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll

MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2007.09.13 14:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2007.06.10 08:33:36 | 001,004,544 | ---- | M] () -- C:\Programme\CPU-Control\CPU_Control.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.10.29 21:29:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.10.09 18:22:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)

SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2008.11.04 02:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - [2009.12.25 12:38:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2009.12.25 12:38:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)

DRV - [2009.11.11 17:35:28 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)

DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)

DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)

DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)

DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009.09.14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)

DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)

DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2008.11.04 02:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008.01.21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

DRV - [2007.12.28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.12.26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)

DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007.05.01 02:51:33 | 000,073,928 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)

DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2004.07.06 18:28:31 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{7110585A-C72D-4091-A376-3FEBC2FD3FD3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.prosieben.de/index.php?icqpath=icq

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{7110585A-C72D-4091-A376-3FEBC2FD3FD3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=145.254.22.10:8000;https=145.254.22.10:8000;ftp=145.254.22.10:8000

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3

FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.44

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855

FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747

FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32

FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.5

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 21:29:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 21:29:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.12.05 22:19:57 | 000,000,000 | ---D | M]

 

[2008.08.09 01:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\Extensions

[2012.11.16 23:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions

[2010.07.02 00:32:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.30 10:21:05 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2010.03.22 13:17:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(18)

[2012.09.16 22:06:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Ed\AppData\Roaming\mozilla\Firefox\Profiles\pgwkpf9k.default\extensions\ich@maltegoetz.de

[2012.11.16 23:51:38 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\extensions\toolbar@web.de.xpi

[2012.10.18 20:56:30 | 000,395,926 | ---- | M] () (No name found) -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi

[2012.11.16 23:52:04 | 000,002,273 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\englische-ergebnisse.xml

[2012.11.16 23:52:03 | 000,010,563 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\gmx-suche.xml

[2012.11.16 23:52:04 | 000,002,432 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\lastminute.xml

[2012.11.16 23:52:03 | 000,005,545 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\pgwkpf9k.default\searchplugins\webde-suche.xml

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.29 21:29:01 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2012.10.29 21:29:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.29 21:29:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.06.27 20:59:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.17 10:35:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.27 20:59:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.27 20:59:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.27 20:59:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.27 20:59:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [CPU_Control] C:\Programme\CPU-Control\CPU_Control.exe ()

O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found

O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0699E79C-40C3-4090-A909-D15AC37966D0}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CEDDD0-E6B1-49DC-8CE3-B627EE2E125E}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{4a5338cb-efac-11dd-b9f1-001e3348310b}\Shell\AutoRun\command - "" = G:\Menu.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.02 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.12.02 21:21:43 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012.12.02 21:19:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.12.02 21:19:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.12.02 21:19:51 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.12.02 21:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.12.01 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.11.29 21:22:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

[2012.11.29 06:55:48 | 000,000,000 | ---D | C] -- C:\FRST

[2012.11.16 22:22:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.11.16 22:22:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012.11.16 22:22:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.11.16 22:22:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012.11.16 22:22:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.11.16 22:22:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.11.16 22:22:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.11.16 22:22:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.11.15 21:08:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

[2012.11.15 21:08:23 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010.02.22 12:44:01 | 010,551,855 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeVideoToMp3Converter.exe

[2008.08.08 21:25:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ed\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.03 21:23:21 | 000,061,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.12.03 21:23:21 | 000,015,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.12.03 21:23:21 | 000,013,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.12.03 21:23:21 | 000,007,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.12.03 21:22:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.03 21:18:26 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

[2012.12.03 21:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.03 21:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.03 21:18:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.03 21:18:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.03 21:18:08 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.03 21:11:19 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.02 21:18:52 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2012.12.02 21:18:46 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012.12.02 21:18:46 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.12.02 21:18:46 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.12.02 21:18:45 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012.12.02 21:18:45 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2012.12.01 21:30:28 | 000,533,705 | ---- | M] () -- C:\Users\Ed\Desktop\adwcleaner.exe

[2012.11.29 21:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe

[2012.11.16 23:47:39 | 000,326,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.01 21:30:18 | 000,533,705 | ---- | C] () -- C:\Users\Ed\Desktop\adwcleaner.exe

[2012.11.27 22:34:28 | 2136,961,024 | -HS- | C] () -- C:\hiberfil.sys

[2012.07.29 12:01:26 | 000,073,832 | ---- | C] () -- C:\Windows\System32\SuperFrameSplitter.dll

[2012.07.29 12:01:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RTKDABMWare.dll

[2012.03.20 13:31:18 | 000,438,993 | ---- | C] () -- C:\Users\Ed\Dazendorf 02.jpg

[2012.03.20 13:19:49 | 000,438,993 | ---- | C] () -- C:\Users\Ed\Dazendorf 01.jpg

[2012.01.10 21:45:37 | 000,071,527 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\msconfig.dat

[2011.06.06 21:29:15 | 000,000,001 | ---- | C] () -- C:\Users\Ed\.SIG_PINSTATUS_VOREINSTELLUNG

[2011.06.06 21:29:15 | 000,000,001 | ---- | C] () -- C:\Users\Ed\.SIG_DIALOG_VOREINSTELLUNG

[2011.06.06 21:22:29 | 000,010,231 | ---- | C] () -- C:\Users\Ed\Moglie_elster_2048.pfx

[2011.05.12 14:14:46 | 000,025,769 | ---- | C] () -- C:\Users\Ed\ESt2010_Schneck_Thomaas_und_Schneck_Donja.elfo

[2010.03.24 18:31:44 | 000,001,356 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat

[2009.06.01 22:22:56 | 000,000,085 | ---- | C] () -- C:\Users\Ed\AppData\Local\kkuim.bat

[2009.03.08 17:51:08 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2

[2008.11.25 15:00:37 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\AppData\Roaming\mxfilerelatedcache.mxc2

[2008.11.25 15:00:37 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\AppData\Local\mxfilerelatedcache.mxc2

[2008.11.25 15:00:19 | 000,000,016 | -H-- | C] () -- C:\Users\Ed\mxfilerelatedcache.mxc2

[2008.10.02 13:42:22 | 000,000,000 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\wklnhst.dat

[2008.08.17 06:05:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2008.08.12 14:37:11 | 000,011,114 | ---- | C] () -- C:\ProgramData\MainApp.dll

[2008.08.10 18:24:20 | 000,207,872 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.08.09 02:10:39 | 000,031,007 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\UserTile.png

[2008.08.08 21:26:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.08.08 21:25:41 | 000,081,920 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\ezpinst.exe

[2008.08.08 21:25:41 | 000,007,176 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.cat

[2008.08.08 21:25:41 | 000,001,144 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.inf

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:160ADF0B

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FDF9B285

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5A437AC3
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 03.12.2012 21:25:24 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ed\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,23% Memory free

4,22 Gb Paging File | 2,99 Gb Available in Paging File | 70,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,37 Gb Total Space | 7,02 Gb Free Space | 6,03% Space Free | Partition Type: NTFS

Drive D: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Drive E: | 115,05 Gb Total Space | 49,22 Gb Free Space | 42,78% Space Free | Partition Type: NTFS

Drive G: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,92% Space Free | Partition Type: FAT32

 

Computer Name: EDS-LAPPI | User Name: Ed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" = 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{23CBA2D8-5FD3-4264-9FE2-858101803019}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2838FA41-FB6A-4151-973C-36A30606EDCD}" = lport=139 | protocol=6 | dir=in | app=system | 

"{2AE2D925-710B-453D-8534-182B22B612F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{2EA837EF-19C6-4652-8B43-B941103C242D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{332AAE09-017E-4B02-8400-65BE13229636}" = rport=138 | protocol=17 | dir=out | app=system | 

"{55181543-507E-4B2E-BC99-24A320AE4E0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{5ADC16FB-9D07-407F-B675-D33DF0096BAC}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{61946018-A1FA-45AB-89AC-DBC54195CA86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{654289B7-55A9-4368-BAF9-221A69F73C0A}" = lport=138 | protocol=17 | dir=in | app=system | 

"{77337C51-1C2A-4539-A008-C4C335487B90}" = lport=445 | protocol=6 | dir=in | app=system | 

"{781D1C03-045A-4D2B-8A97-9CF47B45A6CD}" = rport=137 | protocol=17 | dir=out | app=system | 

"{8A275C49-F027-456A-B4E3-529B2BB26112}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{8D1630A5-1F42-4BA7-BA2C-125F6BD348FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{954C74FF-7EAF-4C8A-8309-61C434516E09}" = rport=445 | protocol=6 | dir=out | app=system | 

"{97160D0B-7DDF-4FD4-B9DB-9DB95D0119D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{A32BE353-C461-4C6C-959B-F56AC6E7658D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{ABF4BFB0-AFA8-4432-A954-4EA9663D0D8F}" = lport=137 | protocol=17 | dir=in | app=system | 

"{AF2CDAFA-3F90-431E-95A8-7801639F7196}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{E0BCF921-4EBE-48F3-BBE8-1A9D765FE2F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{EA1BA5A3-CFAA-47F2-990F-F1573913ACFF}" = rport=139 | protocol=6 | dir=out | app=system | 

"{EAA7E085-DA41-46E9-B47A-04A06B11221F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1250897B-3725-461F-BE63-2D016A1D26A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{19025414-5587-43F3-821E-11004FEE90EE}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 

"{2933D072-06EF-48C2-AF93-C668A8FE49F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{4246799A-91D1-4590-BB1C-9873CEEB5723}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{451D604C-A66D-47E6-90F8-E26866E2030B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4D83C7D2-8D9D-448F-8F97-F2E2667DCDAB}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 

"{53FAD7ED-07D5-42E6-A7CC-8F467C062C50}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{77EA3867-ADF6-4B7B-B62A-4E9848B31672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{7AE59B7B-F00E-46D2-95E0-689381DCE13B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{86EAC92A-6CF3-4428-9F2E-991EA287930A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{92F8DB80-388D-40C5-B501-51C87F604513}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9705186C-1DF6-425D-AD7E-E007B2019EFD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{97D3ACC2-44AE-4815-8CC7-406E14076B44}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 

"{A45FCEA6-006A-4DC5-A1BA-21FF2536FBA4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{AA9FDB47-4B87-46E8-B84C-DFCC6AC6EEE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{AAB3787F-1A26-4887-A6C5-B7D7DAC459FC}" = protocol=6 | dir=out | app=system | 

"{AB0C9F51-0EB9-447C-BC46-AC358B20BC64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{ABDB7AA2-DE19-43F8-8A89-F4B37FA96226}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{C0BBD6C1-3E82-4DE6-95BF-0D5255AEA80D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C3084045-27F7-41E0-8A0C-E25775729CDE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 

"{CEB4AEA0-C1E8-4D74-9F0B-2D903824E190}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{DA3A31BE-D643-488E-A90C-6EED8ED4783A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{DB239322-9840-4947-8536-DFB634BD3D10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{DE3A9705-A769-441E-BAB8-8A8332F7EB64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{DE6FE906-2EBA-49F7-8BF0-485B585BD777}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{E8A14E54-89A6-4668-9145-FCF4DF4C608F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{E957616B-7155-4D4C-A330-3CCB2D3DE13E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{ED3F481B-0282-4D5D-B82F-1590F6CEBC01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"TCP Query User{069062CE-C9E1-49B8-8D23-367330CC4CA0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{2E2DDEE6-96BD-4BC8-BDA8-7A615BC171C9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"TCP Query User{50DE3DCF-DC8B-4DC5-BBC3-BF310094B826}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"TCP Query User{5281DCD5-5AC8-470E-A632-687EE57E9DC6}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{556DBCB9-626F-4E44-B53A-46AEC5702800}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{5D01A047-6E1F-4A37-9E61-0A38DA6659AB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{65B5A033-768E-4F74-A182-4A4DB54A9D49}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{679BD986-039E-4AC6-A329-5DCA6F1D80BB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{77CFFBEA-1224-444C-B433-148592D33D15}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"TCP Query User{8321AD38-0AED-43B5-AC5C-3BA39562BE1E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{89D5E875-427F-4C53-B168-C7E48BF5B11B}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 

"TCP Query User{ACFBFBE6-89C7-414A-A7A6-D1E28B9F5F87}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 

"TCP Query User{AD95257A-B80F-474A-A891-B3A0FEBC6E5D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{D0E2482F-4F0A-4148-9380-4D782F28AE5C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"TCP Query User{DD2CDF62-A7DB-49F9-91BB-83D4383BD804}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 

"UDP Query User{04C094B0-B64D-46EF-9297-59CA78119F59}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{4389D1F4-2CBA-402B-802A-7AF528A5CE8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{4D40C1F7-1196-4AB7-B35C-CE6AF80514BE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{50775F97-2CA4-48D0-8B1D-C2D63F2ACCE7}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 

"UDP Query User{64E1044F-9B1F-416E-BD50-D58859A2985A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"UDP Query User{753AD5FC-DD8E-435C-9021-7A3F7B1A0B17}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{C301728B-C448-4C76-803C-526A2BAEBC0D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"UDP Query User{C34F5C5B-965F-48BD-8C47-9AD935672FD2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{E6D16144-CC9D-49D9-BA37-BC011E358BE7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 

"UDP Query User{EAC158E7-595B-457D-AC4E-FF081D8188AE}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 

"UDP Query User{EB3BB088-90CD-48AF-AF92-021051351CDF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"UDP Query User{F22BEBD0-A37F-4687-9B3A-86CDDF3507ED}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{F8CBE681-1F97-40C6-8F72-EEF5CF809B02}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"UDP Query User{F91CEFC5-FB95-40F9-98BB-BBB6E255EB32}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{FE016DDF-A8F7-492F-805E-A5418F1F0F9D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Premium

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password

"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser

"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A7-0407-0000-0000000FF1CE}" = Kalenderdruck-Assistent für Microsoft Office Outlook 2007

"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-2000-0407-0000-0000000FF1CE}" = Microsoft Filter Pack 1.0

"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe

"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Any Video Converter_is1" = Any Video Converter 2.6.7

"AnyDVD" = AnyDVD

"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.50

"CloneCD" = CloneCD

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"CPU-Control_is1" = CPU-Control

"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular-Update

"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender

"EPSON Scanner" = EPSON Scan

"EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series

"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch

"Everest Poker" = Everest Poker (Remove Only)

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder

"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10

"kkuim" = Favorit

"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)

"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)

"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)

"MainApp.exe_is1" = CloneDVD 4.1.0.2

"Medion GoPal Assistant" = Medion GoPal Assistant 4.01.012

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"myphotobook" = myphotobook 3.5

"PartyPoker" = PartyPoker

"Perfect Tools für Vista_is1" = Perfect Tools für Vista 1.00

"PokerStars" = PokerStars

"PokerStars.net" = PokerStars.net

"PrintKey2000" = PrintKey2000

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"YTdetect" = Yahoo! Detect

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 29.07.2010 05:20:20 | Computer Name = Eds-Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 29.07.2010 05:21:32 | Computer Name = Eds-Lappi | Source = WinMgmt | ID = 10

Description = 

 

Error - 29.07.2010 05:24:39 | Computer Name = Eds-Lappi | Source = SecurityCenter | ID = 7

Description = Das Windows-Sicherheitscenter hat ein Drittanbieterprodukt mit einer

 nicht GUID-InstanceId gefunden. InstanceID=956-A9F9-E252435469C0}.

 

Error - 29.07.2010 06:24:16 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3148) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

Error - 29.07.2010 06:24:16 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3148) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

Error - 29.07.2010 08:47:55 | Computer Name = Eds-Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 29.07.2010 08:48:59 | Computer Name = Eds-Lappi | Source = WinMgmt | ID = 10

Description = 

 

Error - 29.07.2010 08:51:17 | Computer Name = Eds-Lappi | Source = SecurityCenter | ID = 7

Description = Das Windows-Sicherheitscenter hat ein Drittanbieterprodukt mit einer

 nicht GUID-InstanceId gefunden. InstanceID=956-A9F9-E252435469C0}.

 

Error - 29.07.2010 08:55:19 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3004) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

Error - 29.07.2010 08:55:19 | Computer Name = Eds-Lappi | Source = ESENT | ID = 467

Description = Windows (3004) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:

 Index indexRecovery von Tabelle SystemIndex_Gthr ist beschädigt (0).

 

[ OSession Events ]

Error - 23.01.2010 04:35:52 | Computer Name = Eds-Lappi | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1934

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 18.08.2010 11:59:58 | Computer Name = Eds-Lappi | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 08.09.2010 11:13:55 | Computer Name = Eds-Lappi | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 26.11.2012 15:44:00 | Computer Name = Eds-Lappi | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.11.2012 16:13:00 | Computer Name = Eds-Lappi | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 26.11.2012 um 20:46:58 unerwartet heruntergefahren.

 

Error - 26.11.2012 16:14:14 | Computer Name = Eds-Lappi | Source = Microsoft-Windows-Bits-Client | ID = 16392

Description = 

 

Error - 27.11.2012 16:59:47 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 16:59:53 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 16:59:57 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 17:00:03 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 27.11.2012 17:00:04 | Computer Name = Eds-Lappi | Source = DCOM | ID = 10005

Description = 

 

Error - 01.12.2012 18:49:11 | Computer Name = Eds-Lappi | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 01.12.2012 um 23:37:04 unerwartet heruntergefahren.

 

Error - 02.12.2012 16:41:26 | Computer Name = Eds-Lappi | Source = Service Control Manager | ID = 7023

Description = 

 

 

< End of report >

--- --- ---

gruß eddy

Bevor wir die Reste rausnehmen, teste mal bitte Internet Explorer. Gleiches Problem beim surfen?

hi schrauber

Bis jetzt keine Probleme mit Internet Explorer, aber das gleiche Problem stellt sich auch bei dem Updates von Kaspersky da.
Achja und auf dem Desktop sind jetzt 2 Desktop.ini Dateien von 2008 und Anfang 2012 und eine MXC2 Datei von 2008.

gruß eddy