
Log analysis and evaluation: "Die offizielle Mitteilung des Bundeskriminalamtes" ("Official notice from the Federal Criminal Police Office") trojan - OTLPE logfile

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.09.2011, 21:36   #16
Swisstreasure
/// Malwareteam
 

Step 1

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and press Remove selected.
  • Post the logfile, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".

Step 2

Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the Internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after each scan.
Scan with Gmer
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark from:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!

06.09.2011, 21:51   #17
EDR
 


Can I do all of this on the infected computer again, i.e. go online with it, or should I rather download it on a clean computer and move it over to the other one with a USB stick?


06.09.2011, 22:05   #18
Swisstreasure
/// Malwareteam
 


No, everything on the infected computer. Just no e-banking yet.

06.09.2011, 22:13   #19
EDR
 


No sooner said than tried. But a new problem came up: after about 1-2 min of scanning, the screen suddenly turned blue, there was a lot of stuff on it (I couldn't read it because I only saw it out of the corner of my eye), and then the laptop restarted without my doing anything...

Should I just try the scan again?

06.09.2011, 22:20   #20
Swisstreasure
/// Malwareteam
 


Yes, just do it again.


11.09.2011, 14:41   #21
EDR
 


So, now on the fifth attempt it finally worked!

I'll just post the Gmer.txt file; you can surely tell me then how to proceed:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-11 15:37:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.12.0
Running: eoihd3ew.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kxtdyfoc.sys


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6                                                         
Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624b73                                                         
Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218670eaca                                                         
Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218670eaca@001cd6071962                                            0xFC 0x23 0x0B 0xB1 ...
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)                                     
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37624b73 (not active ControlSet)                                     
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218670eaca (not active ControlSet)                                     
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218670eaca@001cd6071962                                                0xFC 0x23 0x0B 0xB1 ...
Reg   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5000068082256FB448E59E9A75FACD4B\Usage@Product  1059816917
Reg   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval                                      86400

---- Files - GMER 1.0.15 ----

File  C:\Users\***\AppData\Local\Temp\~DFD208.tmp                                                                             360448 bytes
File  C:\Users\***\AppData\Local\Temp\~DFD213.tmp                                                                             512 bytes
File  C:\Users\***\AppData\Local\Temp\~DFD22E.tmp                                                                             540672 bytes
File  C:\Users\***\AppData\Local\Temp\~DFD23C.tmp                                                                             512 bytes
File  C:\Windows\winsxs\Catalogs\c51db1225623ff4d01c4fe16af981a86f52fa76c928f70907d940d3631ec10c7.cat                                     14756 bytes
File  C:\Windows\winsxs\Catalogs\c5763cff28dc342ff52c73023f20f4ad94e277bead6465b91e8cb14f7c01e0a8.cat                                     10535 bytes
File  C:\Windows\winsxs\Catalogs\c5e7478c64f7d2c08c0b147dd4f0704e6cbcd0b6b4e2ed52da4c6bcec976d97b.cat                                     10649 bytes
File  C:\Windows\winsxs\Catalogs\c67ff437d35b8890bda9e14fb409cfff8d84b0c09997f78ab4695022d0b64665.cat                                     9658 bytes
File  C:\Windows\winsxs\Catalogs\c6a14510867ecac0f10d1773225015fa2481ed0b0cf02838ac97e6c24b7671c9.cat                                     7367 bytes
File  C:\Windows\winsxs\Catalogs\c6da0c3622523b00f22608b44a0ede88f174b83fc8bc1e5ee5f11997011587f1.cat                                     11228 bytes

---- EOF - GMER 1.0.15 ----
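
A GMER log in the layout above can be read into records so that repeated scans are easier to compare, and so that copies of the same key under `ControlSetNNN` are folded onto `CurrentControlSet`. This is an added example, not part of the thread or of GMER; the sample log is constructed in the same shape, and `parse_gmer` and `unique_registry_findings` are hypothetical names.

```python
import re

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
RUNNING_RE = re.compile(r"^Running:\s*(.+?);\s*Driver:\s*(.+)$")
CONTROLSET_RE = re.compile(r"\\(CurrentControlSet|ControlSet\d{3})\\", re.IGNORECASE)
INACTIVE_MARK = " (not active ControlSet)"

# Constructed sample in the shape of the log above (names and values are made up).
SAMPLE_LOG = r"""GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-11 15:37:40
Running: abcd1234.exe; Driver: C:\Users\user~1\AppData\Local\Temp\wxyzabcd.sys

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\aabbccddeeff
Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\aabbccddeeff@112233445566    0xFC 0x23 0x0B 0xB1 ...
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\aabbccddeeff (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\aabbccddeeff@112233445566        0xFC 0x23 0x0B 0xB1 ...
Reg   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval  86400

---- Files - GMER 1.0.15 ----

File  C:\Users\user\AppData\Local\Temp\~DF1234.tmp      360448 bytes
File  C:\Windows\winsxs\Catalogs\example-catalog.cat    14756 bytes

---- EOF - GMER 1.0.15 ----
"""


def parse_gmer(text):
    """Split a GMER text log into header info, registry entries and file entries."""
    log = {"scanner_exe": None, "scanner_driver": None, "registry": [], "files": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)  # "Registry", "Files", "EOF", ...
            continue
        if section is None:
            # Preamble: only the "Running: ...; Driver: ..." line is kept.
            running = RUNNING_RE.match(line)
            if running:
                log["scanner_exe"], log["scanner_driver"] = running.groups()
            continue
        # Columns are separated by runs of spaces; paths contain single spaces only.
        cols = re.split(r"\s{2,}", line)
        if section == "Registry" and cols[0] == "Reg" and len(cols) > 1:
            target = cols[1]
            if target.endswith(INACTIVE_MARK):
                target = target[: -len(INACTIVE_MARK)]
            # Assumption: the first "@" separates the key path from the value name.
            key, _, value = target.partition("@")
            cs = CONTROLSET_RE.search(key)
            log["registry"].append({
                "key": key,
                "value": value or None,
                "data": cols[2] if len(cols) > 2 else None,
                "control_set": cs.group(1) if cs else None,
            })
        elif section == "Files" and cols[0] == "File" and len(cols) > 1:
            size = None
            if len(cols) > 2 and cols[2].endswith(" bytes"):
                size = int(cols[2].split()[0])
            log["files"].append({"path": cols[1], "size": size})
    return log


def unique_registry_findings(registry):
    """Group entries that differ only in which control set they were found in.

    Returns {(normalized key, value name): [control sets the entry appeared in]}.
    """
    groups = {}
    for entry in registry:
        norm = CONTROLSET_RE.sub(lambda m: "\\CurrentControlSet\\", entry["key"])
        ident = (norm.lower(), (entry["value"] or "").lower())
        groups.setdefault(ident, []).append(entry["control_set"])
    return groups


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    print("scanner:", parsed["scanner_exe"], "driver:", parsed["scanner_driver"])
    for (key, value), sets in unique_registry_findings(parsed["registry"]).items():
        print(key, value or "(key)", sets)
    for f in parsed["files"]:
        print(f["path"], f["size"])
```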
         

11.09.2011, 23:21   #22
Swisstreasure
/// Malwareteam
 


I'll get back to you tomorrow, sorry.

12.09.2011, 17:51   #23
Swisstreasure
/// Malwareteam
 


If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

17.09.2011, 19:05   #24
EDR
 


Good evening,

these are the files - first the OTL file and then the Extras file:

Code:
OTL logfile created on: 17.09.2011 19:33:53 - Run 1
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,58% Memory free
4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,69 Gb Total Space | 59,26 Gb Free Space | 42,42% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
 
Computer Name: HEADOFHOUSE-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.17 19:24:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.20 13:03:50 | 000,697,856 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.11.23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.11.16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.05.11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.08 00:17:16 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.09.30 17:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 17:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.05.08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2007.05.08 09:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsty.exe
PRC - [2007.04.16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.12 20:36:40 | 000,323,216 | ---- | M] (Napster) -- C:\Programme\Napster\napster.exe
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.12.20 13:17:18 | 010,837,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2010.12.20 13:17:18 | 002,551,808 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2010.12.20 13:17:18 | 002,277,888 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2010.12.20 13:17:18 | 000,912,384 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2010.12.20 13:17:18 | 000,196,608 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll
MOD - [2010.12.20 13:17:18 | 000,026,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll
MOD - [2010.12.20 13:17:16 | 008,151,040 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2010.12.20 13:17:16 | 002,186,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2010.12.20 13:17:16 | 001,283,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2010.12.20 13:17:16 | 000,675,840 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2010.12.20 13:17:16 | 000,339,456 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2010.12.20 13:17:16 | 000,266,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2010.12.20 13:17:16 | 000,190,464 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2010.12.20 13:17:16 | 000,120,832 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Plugins\nps.dll
MOD - [2010.12.20 12:57:12 | 000,790,016 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2010.12.20 12:55:12 | 000,345,088 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2010.12.20 12:55:12 | 000,180,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\noaipcclient.dll
MOD - [2010.12.20 12:55:12 | 000,028,040 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
MOD - [2010.12.20 12:54:14 | 000,680,448 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2009.09.04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.07.29 15:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.16 18:40:42 | 005,521,408 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.02.16 18:40:40 | 001,466,368 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
MOD - [2005.07.20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll
MOD - [2005.06.28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)
SRV - File not found [Unknown | Stopped] --  -- (getPlusHelper)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.03 04:50:15 | 000,316,888 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.05.08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.04.16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.08.03 04:50:15 | 003,333,808 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009.05.27 17:40:14 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.27 17:40:13 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.27 17:40:11 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.05.24 16:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.04.16 03:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15015&l=dis"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.01.08 00:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.26 17:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]
 
[2011.09.11 23:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions
[2009.08.13 18:38:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.12 19:24:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.01.08 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REALPLAYER@PARTNERS.MOZILLA.COM
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2009.01.08 00:17:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2009.01.08 00:16:41 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009.01.08 00:16:41 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009.01.08 00:16:41 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009.01.08 00:16:41 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.png
[2009.01.08 00:16:41 | 000,000,804 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.src
[2009.01.08 00:16:41 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.gif
[2009.01.08 00:16:41 | 000,001,075 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.src
[2009.01.08 00:16:41 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.gif
[2009.01.08 00:16:41 | 000,000,879 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.src
[2009.01.08 00:16:41 | 000,000,232 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.png
[2009.01.08 00:16:41 | 000,001,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.src
[2009.01.08 00:16:41 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.gif
[2009.01.08 00:16:41 | 000,001,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF93A730-B904-4CBB-8AF7-25AEBB9396DC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (c:\users\bernd dransfeld\desktop\0.5435339398469355.exe) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.17 19:24:37 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.09.15 16:29:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Susanne und Frank 50
[2011.08.19 10:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.17 19:35:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.09.17 19:24:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.09.17 19:19:31 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.17 19:19:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.17 19:19:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.17 19:18:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.17 19:18:54 | 2136,305,664 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.15 23:07:45 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.15 22:16:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.15 13:21:14 | 000,696,626 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.15 13:21:14 | 000,651,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.15 13:21:14 | 000,155,102 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.15 13:21:14 | 000,126,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.11 14:20:38 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.09.07 05:04:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\eoihd3ew.exe
 
========== Files Created - No Company Name ==========
 
[2011.09.11 20:01:40 | 2136,305,664 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.07 05:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\eoihd3ew.exe
[2011.05.04 21:09:11 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.01 15:00:58 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Local\80843.cfg
[2009.08.08 12:10:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.08 12:10:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.10 16:31:48 | 000,000,303 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2009.03.20 23:23:22 | 000,017,089 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.01.08 00:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.08 00:16:41 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat
[2008.12.22 19:45:17 | 000,008,959 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.11.21 11:08:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.21 02:15:35 | 000,044,032 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.25 16:08:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.10.25 16:08:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.10.25 16:08:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.10.25 16:08:20 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.08.24 14:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.08.24 14:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.24 14:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.08.24 14:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.06.08 10:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.09 18:42:33 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.09 18:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:38:05 | 000,696,626 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:38:05 | 000,155,102 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,433,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,651,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,126,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.02.12 13:23:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10566
[2010.09.12 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.10.25 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hewlett Packard
[2008.12.25 11:13:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2010.05.10 23:19:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2008.12.08 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.12.28 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.09.10 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pro Cycling Manager 2010
[2008.12.28 14:07:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ROUTE 66 Sync
[2008.12.25 10:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SampleView
[2011.08.08 18:32:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Userdvd
[2011.09.15 23:07:44 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.10.25 16:20:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.08.21 19:40:26 | 000,000,000 | -HSD | M] -- C:\boot
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.12.15 02:00:10 | 000,000,000 | -H-D | M] -- C:\hp
[2007.12.15 02:01:56 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.11.19 23:46:59 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.08.19 10:24:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.06.21 14:42:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.19 10:53:22 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.08.07 18:44:20 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2008.10.25 16:20:08 | 000,000,000 | ---D | M] -- C:\SwSetup
[2008.11.08 19:07:59 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2011.09.17 19:40:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.10.25 16:20:08 | 000,000,000 | -H-D | M] -- C:\System.sav
[2008.10.25 16:05:33 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.12 00:10:27 | 000,000,000 | ---D | M] -- C:\Windows
[2009.07.16 23:51:41 | 000,000,000 | ---D | M] -- C:\WorkTemp
[2011.08.08 18:32:27 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.25 18:29:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.10.25 18:29:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-17 17:40:44
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1165 bytes -> C:\Users\***\Documents\Fw_ E-Mail schreiben an_ 01 Titel 1_mp3.eml:OECustomProperty

< End of report >
         

Code:
OTL Extras logfile created on: 17.09.2011 19:33:53 - Run 1
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,58% Memory free
4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,69 Gb Total Space | 59,26 Gb Free Space | 42,42% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
 
Computer Name: HEADOFHOUSE-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018444CB-09A7-45FB-8AA5-0320383DC7E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1869FE36-A7A2-486F-A716-E6BEFB8583DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1AD664F0-2AE0-4D78-8DF6-667B728A930C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{40F8301A-51BF-4681-A89B-15726C243D79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{415B3F72-15C6-4F6A-9820-121589407F91}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C9484BD-146E-4FDC-A45D-102B7FFFCAFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5CDF0832-8BDA-47AA-B6DC-3E05818372A6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{645F100E-C1A3-4973-A7D7-04563FC0B3FF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6AF072F8-7E04-435D-B66B-E729C1790CDA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6BAD45F7-4F71-4F36-AEA2-6624AF44C269}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6D688217-0AAD-40AE-A74F-CA0453D94F65}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{78AEAB7C-BC07-482C-A210-43B83525A36B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7E0BAD23-EEB7-4482-BFAB-509320F57123}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A13E5260-560E-4176-AF8E-C3694EB69C45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE0AA5D5-AE97-4A29-BF5E-9ED7DDADE035}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B0735E09-0737-4EAC-8C3F-5704E8635D60}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D084A41C-84E4-4DA8-B913-0DBD99F1B5F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D118593E-954F-4FB1-8EC5-F9F49A1BFC40}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DE94384A-A2D2-4705-9A03-D7F18F87EC61}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03506F47-5947-4C03-AFC3-E0C9EBF5D59B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E46DF45-E229-4819-943A-B45A47B68156}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{164EB954-331D-4D57-9D1D-10FE3B79B12C}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{17CCD86E-7891-4C7E-BF03-016175537696}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{34286FB9-E463-4D55-BC79-741366D5C922}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{56A60D83-9C0A-45D4-B832-9E8497AD119C}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{617BCF45-AFB3-420A-84FF-33CC3E3BABFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7F47E493-C24A-4A52-ABD1-9F49A99F9291}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{AC656E6F-A19C-4059-9E5D-B9BCBD6E5BED}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{BF57AD51-EC5E-4633-A6C7-4366834C5A96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D96B7394-5206-4C80-BD77-E8D3C7FDCF31}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DF718838-E0C2-44CE-9EEA-1F624D56EFB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E042BBA2-211B-407F-8A0D-65C2117938E1}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{F4D51F75-3402-4B92-A40A-99EE55801BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{28F8B573-93C1-49E9-AB28-5289794CFAC4}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{493F5EFD-0FAF-49F9-BE7C-EB151C387A42}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4DCC0DCB-2B98-43EB-B31F-DDA68690906F}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=6 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 
"TCP Query User{704ABA8A-3563-49F1-87DE-66D2E59B5BB7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{281012E1-14F5-43F8-BD3C-F6005B312AEE}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{8CC04355-E31F-48FB-9CB8-6D305594E24E}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=17 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 
"UDP Query User{9710598C-51A4-4400-99A2-A022FB4F276C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CC6C73F8-6834-4146-AFA3-85A46064A55F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV Ts
"{557696ED-2543-4D5D-9F53-0BDAAF8D5FB8}" = ArcSoft VideoImpression 2
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{59E1EEA6-EDBC-45C1-9754-A88119760547}" = ArcSoft MediaConverter 2.5
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E629851A-1B1A-4671-961A-A9AF549E03A2}" = ArcSoft PhotoImpression 5
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AOL Toolbar" = AOL Toolbar 5.0
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BurnAware Free_is1" = BurnAware Free 2.3.7
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GameCenter_is1" = GameCenter 1.3.0.5
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Luchterhand - BGB-Kommentar" = Luchterhand - BGB-Kommentar
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5)
"Nokia Ovi Suite" = Nokia Ovi Suite
"PDF Complete" = PDF Complete
"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.09.2011 08:20:29 | Computer Name = Headofhouse-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 11.09.2011 08:21:19 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 11.09.2011 08:45:44 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 13.09.2011 14:36:18 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 15.09.2011 07:11:30 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 15.09.2011 10:23:15 | Computer Name = Headofhouse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Roxio_Central33.exe, Version 3.50.6.0, Zeitstempel
 0x46577268, fehlerhaftes Modul CDDBUIRoxio.dll, Version 2.0.0.20, Zeitstempel 0x404ced8f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00003440,  Prozess-ID 0x1418, Anwendungsstartzeit
 01cc73b2efbb1550.
 
Error - 17.09.2011 13:24:04 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 17.09.2011 13:32:43 | Computer Name = Headofhouse-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.28.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 12b4  Anfangszeit: 01cc755eb8f9f0ff  Zeitpunkt der Beendigung:
 5
 
Error - 17.09.2011 13:38:57 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 17.09.2011 13:40:13 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
[ OSession Events ]
Error - 06.01.2009 14:39:46 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 159 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06.01.2009 14:40:31 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2009 16:26:43 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 99 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 18.02.2009 15:51:36 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 235 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 18.02.2009 15:52:02 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.12.2010 11:32:14 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11.09.2011 08:16:12 | Computer Name = Headofhouse-PC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.109.1136.0

	Ladende
 Modulversion: 1.1.7104.0
 
Error - 11.09.2011 12:20:39 | Computer Name = Headofhouse-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 13.09.2011 14:33:42 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 15.09.2011 07:11:14 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Regards

18.09.2011, 20:34   #25
Swisstreasure
/// Malwareteam

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


23.09.2011, 09:19   #26
EDR

I don't understand it. I have switched off all firewalls etc., including Microsoft Defender, and still I can't start the scan because Microsoft Defender is supposedly enabled. But it isn't. Do you have any idea what I did wrong?

23.09.2011, 23:04   #27
Swisstreasure
/// Malwareteam

Did you proceed exactly like this?
Turning Windows Defender on and off

25.09.2011, 18:06   #28
EDR

Thanks, it worked after all.

Here is the logfile:

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=12efa7975da505458422947027cf3a0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-24 12:44:28
# local_time=2011-09-24 02:44:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 86562375 86562375 0 0
# compatibility_mode=5892 16776574 100 100 231 154393374 0 0
# compatibility_mode=8192 67108863 100 0 96405 96405 0 0
# scanned=204144
# found=1
# cleaned=0
# scan_time=7665
C:\_OTL\MovedFiles\08082011_123227\C_Users\***\Desktop\0.5435339398469355.exe	a variant of Win32/Kryptik.SOE trojan (unable to clean)	00000000000000000000000000000000	I
         

Regards

25.09.2011, 18:40   #29
Swisstreasure
/// Malwareteam

Please download OTL by OldTimer and save it to your desktop (if it is not already there)
  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

25.09.2011, 19:51   #30
EDR

All right,

again first the OTL file and then the Extras file:

OTL:

Code:
OTL logfile created on: 25.09.2011 20:34:58 - Run 2
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,06% Memory free
4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,69 Gb Total Space | 57,93 Gb Free Space | 41,47% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
 
Computer Name: HEADOFHOUSE-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\SMINST\Scheduler.exe ()
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Napster\napster.exe (Napster)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\Plugins\nps.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\noaipcclient.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\flcdlmsg.dll ()
MOD - C:\Windows\SMINST\Scheduler.exe ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Windows\SMINST\naspp.dll ()
MOD - C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll ()
MOD - C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (getPlusHelper) --  File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (appdrvrem01) Application Driver Auto Removal Service (01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (appdrv01) Application Driver (01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15015&l=dis"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.01.08 00:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.26 17:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]
 
[2011.09.23 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions
[2009.08.13 18:38:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.12 19:24:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.01.08 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REALPLAYER@PARTNERS.MOZILLA.COM
[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2009.01.08 00:17:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2009.01.08 00:16:41 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009.01.08 00:16:41 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009.01.08 00:16:41 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009.01.08 00:16:41 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.png
[2009.01.08 00:16:41 | 000,000,804 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.src
[2009.01.08 00:16:41 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.gif
[2009.01.08 00:16:41 | 000,001,075 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.src
[2009.01.08 00:16:41 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.gif
[2009.01.08 00:16:41 | 000,000,879 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.src
[2009.01.08 00:16:41 | 000,000,232 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.png
[2009.01.08 00:16:41 | 000,001,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.src
[2009.01.08 00:16:41 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.gif
[2009.01.08 00:16:41 | 000,001,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF93A730-B904-4CBB-8AF7-25AEBB9396DC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (c:\users\bernd dransfeld\desktop\0.5435339398469355.exe) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.23 09:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.23 09:49:44 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2011.09.17 19:24:37 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.09.15 16:29:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Susanne und Frank 50
[2011.09.11 14:36:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.09.11 14:35:59 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.09.11 14:35:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.09.11 14:35:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.09.11 14:35:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.09.07 05:08:07 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.09.07 05:07:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.09.07 05:05:46 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.09.07 05:05:46 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.25 20:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.09.25 20:16:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.25 20:16:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.25 18:58:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.25 18:58:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.25 18:58:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.24 12:22:13 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.23 18:55:15 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.23 09:49:43 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2011.09.17 19:24:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.09.15 13:21:14 | 000,696,626 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.15 13:21:14 | 000,651,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.15 13:21:14 | 000,155,102 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.15 13:21:14 | 000,126,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.11 14:20:38 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.09.07 05:04:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\eoihd3ew.exe
 
========== Files Created - No Company Name ==========
 
[2011.09.24 12:22:13 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.07 05:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\eoihd3ew.exe
[2011.05.04 21:09:11 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.01 15:00:58 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Local\80843.cfg
[2009.08.08 12:10:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.08 12:10:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.10 16:31:48 | 000,000,303 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2009.03.20 23:23:22 | 000,017,089 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.01.08 00:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.08 00:16:41 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat
[2008.12.22 19:45:17 | 000,008,959 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.11.21 11:08:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.21 02:15:35 | 000,044,032 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.25 16:08:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.10.25 16:08:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.10.25 16:08:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.10.25 16:08:20 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.08.24 14:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.08.24 14:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.24 14:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.08.24 14:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.06.08 10:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.09 18:42:33 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.09 18:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:38:05 | 000,696,626 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:38:05 | 000,155,102 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,433,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,651,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,126,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1165 bytes -> C:\Users\***\Documents\Fw_ E-Mail schreiben an_ 01 Titel 1_mp3.eml:OECustomProperty

< End of report >
         
Extras:

Code:
OTL Extras logfile created on: 25.09.2011 20:34:58 - Run 2
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,06% Memory free
4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,69 Gb Total Space | 57,93 Gb Free Space | 41,47% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
 
Computer Name: HEADOFHOUSE-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018444CB-09A7-45FB-8AA5-0320383DC7E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1869FE36-A7A2-486F-A716-E6BEFB8583DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1AD664F0-2AE0-4D78-8DF6-667B728A930C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{40F8301A-51BF-4681-A89B-15726C243D79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{415B3F72-15C6-4F6A-9820-121589407F91}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C9484BD-146E-4FDC-A45D-102B7FFFCAFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5CDF0832-8BDA-47AA-B6DC-3E05818372A6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{645F100E-C1A3-4973-A7D7-04563FC0B3FF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6AF072F8-7E04-435D-B66B-E729C1790CDA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6BAD45F7-4F71-4F36-AEA2-6624AF44C269}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6D688217-0AAD-40AE-A74F-CA0453D94F65}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{78AEAB7C-BC07-482C-A210-43B83525A36B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7E0BAD23-EEB7-4482-BFAB-509320F57123}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A13E5260-560E-4176-AF8E-C3694EB69C45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE0AA5D5-AE97-4A29-BF5E-9ED7DDADE035}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B0735E09-0737-4EAC-8C3F-5704E8635D60}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D084A41C-84E4-4DA8-B913-0DBD99F1B5F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D118593E-954F-4FB1-8EC5-F9F49A1BFC40}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DE94384A-A2D2-4705-9A03-D7F18F87EC61}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03506F47-5947-4C03-AFC3-E0C9EBF5D59B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E46DF45-E229-4819-943A-B45A47B68156}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{164EB954-331D-4D57-9D1D-10FE3B79B12C}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{17CCD86E-7891-4C7E-BF03-016175537696}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{34286FB9-E463-4D55-BC79-741366D5C922}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{56A60D83-9C0A-45D4-B832-9E8497AD119C}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{617BCF45-AFB3-420A-84FF-33CC3E3BABFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7F47E493-C24A-4A52-ABD1-9F49A99F9291}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{AC656E6F-A19C-4059-9E5D-B9BCBD6E5BED}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{BF57AD51-EC5E-4633-A6C7-4366834C5A96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D96B7394-5206-4C80-BD77-E8D3C7FDCF31}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DF718838-E0C2-44CE-9EEA-1F624D56EFB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E042BBA2-211B-407F-8A0D-65C2117938E1}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{F4D51F75-3402-4B92-A40A-99EE55801BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{28F8B573-93C1-49E9-AB28-5289794CFAC4}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{493F5EFD-0FAF-49F9-BE7C-EB151C387A42}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4DCC0DCB-2B98-43EB-B31F-DDA68690906F}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=6 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 
"TCP Query User{704ABA8A-3563-49F1-87DE-66D2E59B5BB7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{281012E1-14F5-43F8-BD3C-F6005B312AEE}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{8CC04355-E31F-48FB-9CB8-6D305594E24E}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=17 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 
"UDP Query User{9710598C-51A4-4400-99A2-A022FB4F276C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CC6C73F8-6834-4146-AFA3-85A46064A55F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV Ts
"{557696ED-2543-4D5D-9F53-0BDAAF8D5FB8}" = ArcSoft VideoImpression 2
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{59E1EEA6-EDBC-45C1-9754-A88119760547}" = ArcSoft MediaConverter 2.5
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E629851A-1B1A-4671-961A-A9AF549E03A2}" = ArcSoft PhotoImpression 5
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AOL Toolbar" = AOL Toolbar 5.0
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BurnAware Free_is1" = BurnAware Free 2.3.7
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GameCenter_is1" = GameCenter 1.3.0.5
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Luchterhand - BGB-Kommentar" = Luchterhand - BGB-Kommentar
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5)
"Nokia Ovi Suite" = Nokia Ovi Suite
"PDF Complete" = PDF Complete
"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.09.2011 14:36:18 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 15.09.2011 07:11:30 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 15.09.2011 10:23:15 | Computer Name = Headofhouse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Roxio_Central33.exe, Version 3.50.6.0, Zeitstempel
 0x46577268, fehlerhaftes Modul CDDBUIRoxio.dll, Version 2.0.0.20, Zeitstempel 0x404ced8f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00003440,  Prozess-ID 0x1418, Anwendungsstartzeit
 01cc73b2efbb1550.
 
Error - 17.09.2011 13:24:04 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 17.09.2011 13:32:43 | Computer Name = Headofhouse-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.28.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 12b4  Anfangszeit: 01cc755eb8f9f0ff  Zeitpunkt der Beendigung:
 5
 
Error - 17.09.2011 13:38:57 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 17.09.2011 13:40:13 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 23.09.2011 03:51:10 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 24.09.2011 06:20:54 | Computer Name = Headofhouse-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 24.09.2011 09:14:02 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
[ OSession Events ]
Error - 06.01.2009 14:39:46 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 159 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06.01.2009 14:40:31 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2009 16:26:43 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 99 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 18.02.2009 15:51:36 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 235 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 18.02.2009 15:52:02 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.12.2010 11:32:14 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.09.2011 18:07:17 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 23.09.2011 05:34:01 | Computer Name = Headofhouse-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 23.09.2011 11:59:49 | Computer Name = Headofhouse-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 24.09.2011 06:20:16 | Computer Name = Headofhouse-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.09.2011 um 22:05:50 unerwartet heruntergefahren.
 
Error - 24.09.2011 06:20:47 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.09.2011 06:20:54 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.09.2011 06:20:57 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.09.2011 06:20:57 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.09.2011 06:21:33 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.09.2011 06:25:07 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7009
Description = 
 
 
< End of report >
         

Regards
