| bugbugbug | 11.04.2011 16:33 |
MS Removal Tool
Hallo zusammen,
erstmal das Malwarebytes-Log: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6333
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
11.04.2011 17:28:56
mbam-log-2011-04-11 (17-28-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 112686
Laufzeit: 17 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hIj28258lHaFl28258 (Rogue.MSRemovalTool) -> Value: hIj28258lHaFl28258 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\hij28258lhafl28258\hij28258lhafl28258.exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\33A6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\686t20g1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\6ntecle7.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\7cc2opx4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\9iyywc9v.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\aysdte0o.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\j5pepkrl.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\kf1khc1s.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\pnakgqu0.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\qtpd76jb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\v7tt5gb1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\11cfa543-3992d1eb (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc24452392.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
OTL 1:
OTL Logfile: Code:
OTL logfile created on: 11.04.2011 17:32:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*\Voreingestellte Ordner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 441,46 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,84 Gb Free Space | 44,23% Space Free | Partition Type: FAT32
Drive H: | 2,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,44% Space Free | Partition Type: FAT32
Computer Name: *-PCMENG | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\*\Voreingestellte Ordner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\*\Voreingestellte Ordner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (TVGOnlineUpdateSvc) -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe ()
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (Advanced Micro Devices, Inc)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi-sued.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi-sued.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.test-wasser.de/piwik/index.php?module=CoreHome&action=index&date=2010-08-03&period=day&idSite=40
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61838
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.enabledItems: webrank-toolbar@probcomp.com:3.1
FF - prefs.js..extensions.enabledItems: {D73AD7EE-96ED-49B4-A9B7-DD94F154813D}:1.9.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=18e19fc0000000000000bc05430013f4&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.11 15:34:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.11 15:34:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.08 17:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
[2010.07.21 09:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.07.21 09:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.11 17:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions
[2010.07.27 10:04:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.30 10:03:41 | 000,000,000 | ---D | M] (SEO Status PageRank/Alexa Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\seostatus@rubyweb
[2010.08.30 10:05:24 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\webrank-toolbar@probcomp.com
[2011.04.11 15:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.04 08:47:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.09.03 15:49:32 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.09.03 15:49:33 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2011.04.11 14:14:26 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\*\APPDATA\LOCAL\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
[2009.05.30 01:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Programme\Mozilla Firefox\plugins\NPCltInstall.dll
[2011.04.11 15:34:05 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.11 15:34:05 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.11 15:34:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.11 15:34:06 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.11 15:34:06 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\*\AppData\Local\Apps\2.0\HD0Z4920.JG8\7Y9M4GYD.9C7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [STAMPIT-Tray] C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.02.03 11:27:41 | 000,000,040 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0535049c-43ce-11e0-a48e-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{0535049c-43ce-11e0-a48e-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{053504a0-43ce-11e0-a48e-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{053504a0-43ce-11e0-a48e-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{278250a3-96ad-11de-a7bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{278250a3-96ad-11de-a7bd-806e6f6e6963}\Shell\AutoRun\command - "" = H:\menue.exe -- [2008.08.11 17:42:26 | 000,160,536 | R--- | M] ()
O33 - MountPoints2\{3ed125c6-ca9b-11de-bd94-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{3ed125c6-ca9b-11de-bd94-002421b68ec4}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{3ed125d0-ca9b-11de-bd94-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{3ed125d0-ca9b-11de-bd94-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{79f034ae-96b0-11de-b545-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{79f034ae-96b0-11de-b545-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{8c30e776-13f3-11e0-9441-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c30e776-13f3-11e0-9441-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{d836128d-4337-11e0-b354-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{d836128d-4337-11e0-b354-002421b68ec4}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{dfffc733-7520-11df-9f36-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{dfffc733-7520-11df-9f36-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.11 16:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.04.11 16:48:06 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2011.04.11 16:05:02 | 017,733,592 | ---- | C] (GridinSoft, Inc. ) -- C:\Users\*\Voreingestellte Ordner\Desktop\trojankiller2092-setup.exe
[2011.04.11 15:58:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.11 14:34:10 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.11 14:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.11 14:33:36 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Users\*\Voreingestellte Ordner\Desktop\ccsetup305_1409.exe
[2011.04.11 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2011.04.11 14:32:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.11 14:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.11 14:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.11 14:32:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.11 14:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 14:31:54 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*\Voreingestellte Ordner\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.11 14:30:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.11 14:14:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
[2011.04.11 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\hIj28258lHaFl28258
[2011.04.08 07:50:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
[2011.04.08 07:50:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TVG
[2011.04.08 07:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DasTelefonbuch Gelbe Seiten Map & Route
[2011.04.08 07:45:53 | 000,000,000 | ---D | C] -- C:\Programme\TVG
[2011.03.30 10:52:19 | 000,000,000 | ---D | C] -- C:\Users\*\Voreingestellte Ordner\Desktop\Ciao.it
[2011.03.29 09:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.03.29 08:48:45 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Corel
[2011.03.29 08:48:26 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Visual Studio 2008
[2011.03.29 08:46:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2011.03.29 08:46:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 9.0
[2011.03.29 08:43:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Protexis
[2011.03.29 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
[2011.03.29 08:36:04 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2011.03.23 09:04:15 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 09:04:15 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.22 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\CyberLink
[2011.03.22 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\*\Voreingestellte Ordner\Desktop\gynefix2011
[2011.03.18 15:00:50 | 000,000,000 | ---D | C] -- C:\tmp
========== Files - Modified Within 30 Days ==========
[2011.04.11 17:16:37 | 000,638,224 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.11 17:16:37 | 000,604,154 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.11 17:16:37 | 000,130,634 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.11 17:16:37 | 000,107,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.11 17:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.11 16:58:42 | 243,748,103 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.11 16:52:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.11 16:52:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.11 16:52:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.11 16:48:09 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.04.11 16:37:47 | 000,404,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.11 16:25:49 | 000,001,356 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2011.04.11 16:05:15 | 017,733,592 | ---- | M] (GridinSoft, Inc. ) -- C:\Users\*\Voreingestellte Ordner\Desktop\trojankiller2092-setup.exe
[2011.04.11 15:25:02 | 000,000,130 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\hosts-perm.bat
[2011.04.11 15:20:56 | 001,006,778 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\eXplorer.exe
[2011.04.11 14:45:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.11 14:36:42 | 000,002,736 | ---- | M] () -- C:\Users\*\AppData\Roaming\CD06.5F3
[2011.04.11 14:32:31 | 000,012,800 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.11 14:28:28 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Users\*\Voreingestellte Ordner\Desktop\ccsetup305_1409.exe
[2011.04.11 14:27:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*\Voreingestellte Ordner\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.11 14:14:27 | 000,000,120 | ---- | M] () -- C:\Users\*\AppData\Local\Yyikodusexuy.dat
[2011.04.11 14:14:27 | 000,000,000 | ---- | M] () -- C:\Users\*\AppData\Local\Cmamevub.bin
[2011.04.11 14:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.08 07:49:27 | 000,001,432 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeManager Terminerinnerung.lnk
[2011.04.01 14:28:52 | 000,005,983 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\PM Haarmineralanalyse Apotheker-1.odt
[2011.04.01 14:28:30 | 000,006,457 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Haarmineralanalyse PM Endkunde.odt
[2011.04.01 08:46:37 | 000,157,773 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung eMedical.pdf
[2011.04.01 08:46:24 | 000,157,765 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung DHB.pdf
[2011.03.21 11:26:41 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
========== Files Created - No Company Name ==========
[2011.04.11 16:48:09 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.04.11 15:35:55 | 000,000,130 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\hosts-perm.bat
[2011.04.11 15:26:19 | 001,006,778 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\eXplorer.exe
[2011.04.11 14:48:48 | 243,748,103 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.11 14:14:27 | 000,000,120 | ---- | C] () -- C:\Users\*\AppData\Local\Yyikodusexuy.dat
[2011.04.11 14:14:27 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\Cmamevub.bin
[2011.04.11 14:12:36 | 000,002,736 | ---- | C] () -- C:\Users\*\AppData\Roaming\CD06.5F3
[2011.04.08 07:49:27 | 000,001,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeManager Terminerinnerung.lnk
[2011.04.01 14:28:51 | 000,005,983 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\PM Haarmineralanalyse Apotheker-1.odt
[2011.04.01 14:28:29 | 000,006,457 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Haarmineralanalyse PM Endkunde.odt
[2011.04.01 08:46:36 | 000,157,773 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung eMedical.pdf
[2011.04.01 08:46:24 | 000,157,765 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung DHB.pdf
[2011.02.22 09:20:09 | 000,000,293 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.07 13:31:06 | 000,001,356 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.10.25 13:07:38 | 000,000,055 | ---- | C] () -- C:\Users\*\AppData\Roaming\tigersetting.dll
[2010.10.21 15:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.10.15 16:36:49 | 000,000,701 | ---- | C] () -- C:\Users\*\AppData\Roaming\init.dll
[2010.10.15 16:36:49 | 000,000,006 | ---- | C] () -- C:\Users\*\AppData\Roaming\SYSTEM32.dll
[2010.10.15 16:36:47 | 000,000,701 | ---- | C] () -- C:\Users\*\AppData\Roaming\sound.dll
[2010.10.15 16:35:53 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2010.06.11 11:57:08 | 000,024,456 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2010.06.11 11:57:06 | 000,052,616 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2010.06.11 11:57:06 | 000,022,920 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2010.06.11 11:56:58 | 000,255,368 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2010.06.11 11:56:54 | 000,075,656 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2010.05.11 09:35:41 | 001,503,232 | ---- | C] () -- C:\Windows\System32\ptj.exe
[2010.05.11 09:35:41 | 001,103,360 | ---- | C] () -- C:\Windows\System32\cidfont.dll
[2010.05.11 09:35:39 | 004,369,408 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2010.05.11 09:35:39 | 000,235,008 | ---- | C] () -- C:\Windows\System32\office.exe
[2010.04.19 14:59:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.04.19 14:59:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.09.22 11:05:36 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2009.09.22 11:05:35 | 000,352,256 | ---- | C] () -- C:\Windows\System32\zSHP2600.EXE
[2009.09.03 15:49:10 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.03 15:14:32 | 000,000,819 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.09.03 15:14:32 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.09.03 15:13:36 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.09.03 15:13:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.09.03 15:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.09.01 11:09:15 | 000,012,800 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.01 07:16:57 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.09.01 07:16:56 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.09.01 07:16:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.09.01 06:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.01 06:55:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.01 06:55:11 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7320.DAT
[2009.09.01 06:46:22 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.06.19 13:31:04 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2009.06.19 13:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.02 13:38:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.02 13:38:44 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2009.06.02 13:38:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.29 03:14:19 | 000,638,224 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.05.29 03:14:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.05.29 03:14:19 | 000,130,634 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.05.29 03:14:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.05.28 17:53:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.16 05:22:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.04.23 21:04:54 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.02.18 19:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 22:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.07.09 17:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2008.02.21 00:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2007.06.27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
[2007.06.27 08:00:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\ZHHP2600.EXE
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,404,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,154 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,486 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
========== LOP Check ==========
[2011.04.01 09:35:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Babylon
[2011.04.08 07:50:32 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
[2009.10.16 10:52:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2011.02.22 12:09:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Lexware
[2009.09.22 13:36:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PC-FAX TX
[2010.06.10 08:38:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.07.21 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2009.10.16 10:52:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2011.02.28 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\XSManager
[2010.10.25 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\YCanPDF
[2011.04.11 15:22:31 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---
OTL 2
Extras: Code:
OTL Extras logfile created on: 11.04.2011 17:32:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*\Voreingestellte Ordner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 441,46 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,84 Gb Free Space | 44,23% Space Free | Partition Type: FAT32
Drive H: | 2,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,44% Space Free | Partition Type: FAT32
Computer Name: *-PCMENG | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02168D5F-1DC9-408B-BBD6-15413069EFA8}" = rport=445 | protocol=6 | dir=out | app=system |
"{1816C5C5-8724-4346-BE7B-D6AD9BF9783F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19D52958-82A0-49E5-A7D0-5B0ABB4D9BD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{26ACDBF9-3F62-4039-88EE-BB5085D2F88B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D24BB1B-45DA-427F-8BB2-57038C6114AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{34394ECB-55D8-4365-9217-E4615BEACF8E}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{43A7A43F-31CC-44BD-9190-A147717D727B}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B3F1AB2-BB23-4042-96C6-A476F18F9B87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5B6389CA-35AB-473D-92B9-89C2E6EAA4C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DD9E58C-BBAA-4553-BC4D-4DD0B2713C49}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D00B4AD-588A-436A-8B79-12425B3025ED}" = lport=139 | protocol=6 | dir=in | app=system |
"{8AC15729-7F19-4013-BC6E-CBD771A9C5CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C5D1BC5-9FB9-4276-A322-4923AEF199A4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{CEF1FEEE-D5DE-40AD-9C0E-44071CE655F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2E63D72-AF82-42DC-A99B-3E929AECE6FF}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA29240B-DAAF-4C2F-85B3-BC5D63B1B76A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF2F699D-4D4C-4048-9648-E8AD9AE80A21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E79498D0-5688-47EF-8A90-E78CADFE044B}" = lport=137 | protocol=17 | dir=in | app=system |
"{E8C1978F-99EE-4385-937A-91DAEAD737F1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FBB36426-C494-4349-9A18-F4FB5AD91145}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD64E035-E3FB-4751-874E-54DB333A668C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FF648C95-EC9A-4D63-8B34-494CB8154996}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAB2950-412F-43AE-AE84-E6C26AE11CE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{16D6CCB1-153E-4A96-8B18-4BE302EB0109}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{2305097D-4A25-4280-A20C-87D64AF4DA12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{330176FD-B388-4FED-BDAB-7756D5024EEB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4074D7CD-E6F8-4492-BC0D-24849B906F80}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{7A37DCB4-3FB8-4963-85A7-D58CD1A69961}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"{84D28370-5E88-4676-9B18-F30073B5AFBC}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"{87F4EB7E-BE7A-4293-AB0F-A86DFD346F62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8FCF42BB-913C-4422-9D0D-996090DAC2C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A1EB3616-7A10-400A-A81E-7BEFD43E9CB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ADDD1838-02E6-45C4-AC41-355D4A10D5D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B31B51C3-20BD-40CA-B401-26B2FC0EAF12}" = protocol=17 | dir=in | app=c:\users\*\voreingestellte ordner\downloads\pdf_converter.exe |
"{B6F95F63-654B-4F70-889D-8D1C8DEC682E}" = protocol=6 | dir=in | app=c:\users\*\voreingestellte ordner\downloads\pdf_converter.exe |
"{BE29A264-0900-4C94-AB3B-F39194970FE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB08819A-3E73-4FE4-8B92-34E87B635332}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D769AD58-E721-499D-8C70-BC4B15F40737}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E2FF9E75-3AE5-424D-A546-BC85DFC736D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{4FA8F3B5-A0D2-4AF9-88E7-C73082C60243}C:\program files\lan.fs\lan-fs.exe" = protocol=6 | dir=in | app=c:\program files\lan.fs\lan-fs.exe |
"TCP Query User{6BF648D6-8E76-44F8-A76C-95A1B8E2971E}C:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"TCP Query User{7D451E0A-17A0-4F65-84A9-825EA2DBF2AA}H:\setup.exe" = protocol=6 | dir=in | app=h:\setup.exe |
"UDP Query User{46D0DF17-3A0C-49E5-863B-15D41DE1514A}C:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"UDP Query User{B0EBE722-677E-431B-B01C-B040325BA9E5}C:\program files\lan.fs\lan-fs.exe" = protocol=17 | dir=in | app=c:\program files\lan.fs\lan-fs.exe |
"UDP Query User{CDE4E560-0E51-46BB-A448-9BF8E776FB68}H:\setup.exe" = protocol=17 | dir=in | app=h:\setup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00BADC8E-0A5A-1C41-A4C2-ADE2B26B78EF}" = CCC Help German
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1E307673-A877-89FF-78DC-14EE9B90E36D}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A0EDB2D-F27C-DFDD-C17C-F2E4B05F503D}" = CCC Help French
"{321F2647-25B9-2909-E2F4-AC2770A358B9}" = Catalyst Control Center Graphics Full New
"{3429F980-7C10-BF80-84C0-06ACF39900CD}" = ccc-utility
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{383A2E3F-A462-1C60-7627-EFA7D3B140E7}" = CCC Help Finnish
"{398ED33A-6B97-9909-B91F-7A3ADEF08BEE}" = CCC Help Norwegian
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A567E16-3E64-39BB-0C07-8083E81D56F0}" = CCC Help Spanish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C4DC88C-1C41-457C-BB14-9FAE6E3CEFBD}" = Lexware faktura+auftrag 2011
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{519EDA51-1048-2879-8005-5EF3F3EE4A99}" = CCC Help Japanese
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{5235D305-3A25-35E0-C8F4-0D07325B5449}" = CCC Help Italian
"{5383EF8A-150E-4EAB-2C1D-C3135DE70368}" = Catalyst Control Center Core Implementation
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849EF876-F6A3-B14F-7FBE-35264E4D84A0}" = Catalyst Control Center Graphics Previews Vista
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FF070B4-7A62-FEB7-2673-68A58166C9D5}" = Catalyst Control Center Localization All
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B83AAFD3-D8DE-46CE-9351-70C21AC6704E}" = Stampit Home
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC507BF5-66C7-B876-F564-0E60CB91D0DF}" = Catalyst Control Center Graphics Full Existing
"{DCB39D37-F1EC-EC0B-AC38-F3ECC9B5F55D}" = CCC Help Swedish
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1CEE7F9-90EF-19B9-75DE-8F8F2AA18131}" = Catalyst Control Center Graphics Light
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5DF3476-26A4-A39E-52E1-33FFD2D7FEED}" = CCC Help Danish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E67038A6-1745-BFC1-65D5-01D833D8E932}" = ccc-core-static
"{E7F088E0-6B7F-896B-4337-FC1617514152}" = CCC Help English
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EF3D2EED-053B-9A14-B270-B62FB987EBC5}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F98A9659-65D5-856C-A163-1304D8355F72}" = Skins
"{FBD3DDF9-38BD-4BBC-A135-A5F0DD7BA634}" = Deutsche Post Einlieferungslisten
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"DasTelefonbuch Gelbe Seiten Map & Route" = DasTelefonbuch Gelbe Seiten Map & Route
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Local Area Network File Send 2_is1" = Local Area Network File Send Version 2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"myBabylon_English Toolbar" = myBabylon English Toolbar
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"PDFTiger_is1" = PDFTiger
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"uninstall.exe" = iLinc Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"web2date" = DATA BECKER shop to date 5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2011 09:02:01 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 09:15:51 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 09:20:04 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 09:21:01 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.04.2011 09:21:01 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.04.2011 11:00:19 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 11:00:54 | Computer Name = *-PCMeng | Source = EventSystem | ID = 4609
Description =
Error - 11.04.2011 11:10:09 | Computer Name = *-PCMeng | Source = EventSystem | ID = 4609
Description =
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2011 11:21:52 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ OSession Events ]
Error - 17.03.2011 09:23:02 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.03.2011 08:43:09 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16745
seconds with 900 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:30:28 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7922
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:31:59 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:32:12 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:33:16 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2011 08:33:42 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.03.2011 10:21:35 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 172
seconds with 60 seconds of active time. This session ended with a crash.
Error - 30.03.2011 04:54:40 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.04.2011 01:55:30 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 217
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.04.2011 11:00:56 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:00:58 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:00:59 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:09:58 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:09 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:11 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:12 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:13 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description =
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = Service Control Manager | ID = 7001
Description =
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
