Log analysis and evaluation: Windows Security Center Trojan locks PC

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows Security Center Trojan locks PC

Hello, I too have apparently caught the Windows Security Center Trojan that has been described so often in recent threads. I have already run the OTL scan and attached the files. I hope you can help me. Thanks in advance. H.

OTL.txt
Code:
ATTFilter OTL logfile created on: 08.02.2012 19:58:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,08% Memory free 4,44 Gb Paging File | 3,71 Gb Available in Paging File | 83,54% Paging File free Paging file location(s): c:\pagefile.sys 500 500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 352,91 Gb Free Space | 75,77% Space Free | Partition Type: NTFS Computer Name: BLACKBOX | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files (x86)\AVG\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\DRIVERS\S3XXx64.sys (SCM Microsystems Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\DRIVERS\BthAvrcp.sys (CSR, plc) DRV:64bit: - (WUSB54GCv3) -- C:\Windows\SysNative\DRIVERS\WUSB54GCv3.sys (Ralink Technology Corp.) DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.) DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.) DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys (Logitech, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation) DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\usbccid.sys (Microsoft Corporation) DRV:64bit: - (RT61) -- C:\Windows\SysNative\DRIVERS\RT61.sys (Ralink Technology Inc.) 
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys (Realtek) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 68 51 A0 94 18 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.7\npGoogleOneClick8.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\Firefox [2011.09.13 11:25:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.17 23:37:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.17 23:37:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.22 14:23:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins 
[2012.01.22 14:23:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.22 14:23:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.22 14:23:41 | 000,000,000 | ---D | M] [2009.12.11 16:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2009.12.11 16:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.01.28 17:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions [2010.04.29 18:01:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.05 19:40:33 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.01.13 17:07:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.30 11:42:43 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2011.04.08 15:12:57 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions\personas@christopher.beard [2010.05.11 15:16:16 | 000,000,000 | ---D | M] (SIZCHIP-Plugin for Firefox, Seamonkey, Opera) -- 
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions\sizchip_plugin_17@siz.de [2012.01.24 14:44:41 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5785bek0.Henning\extensions\superstart@enjoyfreeware.org [2012.02.01 17:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ip5xwljc.Sascia\extensions [2010.04.02 14:10:03 | 000,000,000 | ---D | M] (Strata Aero) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ip5xwljc.Sascia\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E} [2011.02.14 22:31:40 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ip5xwljc.Sascia\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.01.13 17:07:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ip5xwljc.Sascia\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.01 17:24:43 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ip5xwljc.Sascia\extensions\fastdial@telega.phpnet.us [2009.04.08 23:36:17 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ip5xwljc.Sascia\extensions\stop-reload@design-noir.de [2010.04.02 14:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ip5xwljc.Sascia\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}\mozapps\extensions [2011.11.10 19:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.16 20:50:08 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.17 11:05:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.17 11:05:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.17 11:05:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.17 11:05:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.17 11:05:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.17 11:05:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.) 
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LVCOMSX] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.) O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited) O4 - HKCU..\Run: [vasja] C:\Users\Admin\AppData\Local\Temp\0.8080220964524135.exe (Orb Networks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: paypal.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{029AC0C0-7336-475A-A803-8DE633771FBA}: DhcpNameServer = 62.109.123.197 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AABF5188-D81B-4BD6-A05E-845EF79B781C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.) 
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1a1f56cf-9ea0-11e0-9317-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1a1f56cf-9ea0-11e0-9317-806e6f6e6963}\Shell\AutoRun\command - "" = J:\pushinst.exe O33 - MountPoints2\{37e7fb0c-e256-11de-9fc5-000272b11279}\Shell - "" = AutoRun O33 - MountPoints2\{37e7fb0c-e256-11de-9fc5-000272b11279}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\J\Shell - "" = AutoRun O33 - 
MountPoints2\J\Shell\AutoRun\command - "" = J:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.08 19:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2012.02.08 19:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup [2012.01.28 14:11:14 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.28 14:11:14 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.22 15:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.22 15:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.22 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.22 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.01.22 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.01.22 14:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.01.22 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.01.11 16:14:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Downloaded Installations [2012.01.11 15:52:14 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) 
-- C:\Windows\SysNative\HPDiscoPM9311.dll [2012.01.11 15:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.01.11 15:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.01.11 15:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.01.11 15:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.01.11 15:49:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\HP [2012.01.11 12:19:55 | 000,000,000 | ---D | C] -- C:\f7eb6f411d065d540c4964d5440b182d [2012.01.11 11:31:31 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 11:31:31 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 11:31:31 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.01.11 11:31:31 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.01.11 11:31:31 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 11:31:31 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 11:31:23 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 11:31:21 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll [2012.01.11 11:31:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll [2012.01.11 11:31:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll [2012.01.11 11:31:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll [2012.01.11 11:31:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll [2012.01.11 11:31:20 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.01.11 11:31:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\packager.dll [2012.01.11 11:31:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.08 19:25:19 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.02.08 17:48:14 | 001,467,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.08 17:48:14 | 000,636,104 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.08 17:48:14 | 000,602,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.08 17:48:14 | 000,129,416 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.08 17:48:14 | 000,106,248 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.08 17:43:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.05 23:30:11 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.02.05 23:27:01 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.02.05 23:25:22 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.05 23:25:22 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.05 22:58:05 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.02.05 19:37:12 | 092,517,768 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2012.02.01 17:24:46 | 000,013,336 | ---- | M] () -- C:\Users\Admin\Desktop\Lohnsteuerjahresausgleich_2009.elfo [2012.01.28 13:56:16 | 000,206,336 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.22 15:17:26 | 000,001,667 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.22 14:23:37 | 000,001,759 | ---- | M] () -- 
C:\Users\Public\Desktop\QuickTime Player.lnk [2012.01.12 10:25:29 | 000,000,662 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN1313B0JB05HX.job [2012.01.11 15:52:14 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Deskjet 3050 J610 series.lnk [2012.01.11 15:52:13 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk [2012.01.11 15:52:13 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk [9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.08 19:25:19 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.01.22 15:17:26 | 000,001,667 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.22 14:23:37 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.01.11 15:57:12 | 000,000,662 | ---- | C] () -- C:\Windows\tasks\hpwebreg_CN1313B0JB05HX.job [2012.01.11 15:52:14 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Deskjet 3050 J610 series.lnk [2012.01.11 15:52:13 | 000,002,142 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk [2012.01.11 15:52:13 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk [2010.12.17 14:25:53 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi [2010.09.07 09:52:35 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2010.06.09 15:40:28 | 000,000,677 | ---- | C] () -- C:\Windows\wiso.ini [2010.03.09 19:57:36 | 001,448,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.03.09 19:55:12 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin [2010.01.02 13:49:09 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.01.02 13:41:47 | 000,034,901 | ---- | C] () 
-- C:\ProgramData\nvModes.dat [2009.11.10 11:00:55 | 000,000,000 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll [2009.08.12 13:27:54 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2009.07.21 16:35:23 | 000,000,760 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\setup_ldm.iss [2009.06.02 16:22:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.05.29 15:52:26 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.05.29 15:47:06 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.05.27 17:33:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.05.27 17:32:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.05.27 17:32:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.04.26 13:53:47 | 000,206,336 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.19 15:30:29 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2009.04.13 21:25:52 | 000,000,227 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2009.04.12 21:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.04.09 22:51:29 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.04.08 21:27:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.04.08 19:42:59 | 000,008,532 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat [2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll [2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll ========== LOP Check ========== [2010.07.08 11:09:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon [2009.07.26 21:14:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Azureus [2010.03.09 19:57:01 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\Blackberry Desktop [2010.06.09 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service [2009.04.12 13:04:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe_Limited [2009.04.09 17:57:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CopyTrans [2009.04.09 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CopyTransControlCenter [2011.01.13 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.31 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular [2011.03.28 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Foxit Software [2009.07.02 18:01:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImgBurn [2009.04.16 08:58:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KeePass [2010.12.17 23:37:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Local [2009.09.01 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia [2009.04.09 22:38:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2010.01.17 01:05:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera [2010.03.09 18:35:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite [2010.08.24 07:21:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Research In Motion [2009.07.21 17:27:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Shark007 [2009.12.11 16:36:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2009.04.12 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2009.07.21 17:26:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VistaCodecs [2009.04.09 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WindSolutions [2009.04.09 00:28:03 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\XnView [2012.02.05 23:30:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.02.2012 19:58:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,08% Memory free 4,44 Gb Paging File | 3,71 Gb Available in Paging File | 83,54% Paging File free Paging file location(s): c:\pagefile.sys 500 500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 352,91 Gb Free Space | 75,77% Space Free | Partition Type: NTFS Computer Name: BLACKBOX | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [CEWE FOTOSCHAU] -- "C:\Users\Admin\Desktop\Sascia\Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Admin\Desktop\Sascia\Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [CEWE FOTOSCHAU] -- "C:\Users\Admin\Desktop\Sascia\Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Admin\Desktop\Sascia\Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = A9 30 C7 77 F3 DE C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3610069819-3349999896-2608768941-1000] "EnableNotifications" = 0 
"EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07E2BCF9-5DE2-40A7-9E5D-D9ECE22274CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2A92F0B5-849C-43BA-A2A7-FB1492C3615F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{2F2F7439-E5B8-4D45-84A4-C69D74687819}" = lport=445 | protocol=6 | dir=in | app=system | "{4175C7C2-7564-419F-9A9D-D66A83E02B11}" = rport=445 | protocol=6 | dir=out | app=system | "{469E5876-287D-441F-A94D-29B406E63BDD}" = lport=137 | protocol=17 | dir=in | app=system | "{5C805894-3894-4C4B-BEA3-DF6C74CBE397}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{60799677-8760-4D27-ABED-B09BAEB7A4B3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{83268B5F-FA43-4489-8F12-C988A9F11855}" = lport=138 | protocol=17 | dir=in | app=system | "{88029BA4-FA96-4337-B470-DEF1C8B86942}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{8C65F72D-5DA2-424D-A818-C00A24D64616}" = rport=139 | protocol=6 | dir=out | app=system | "{8DDB6352-06BB-482B-96CC-0147A0008E83}" = rport=137 | protocol=17 | dir=out | app=system | "{A59A9E6D-6207-4578-9A2E-58CD7C7A6EE0}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{ADF54A93-CDD0-4230-B4FA-EFC30649DC37}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{B054593B-7151-4C31-8FD3-1843D73A725B}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{B664C9E9-DDB2-4B1F-A2AC-970F1A1A7B16}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{BAB2B2A0-0CD0-45D4-A62C-220D34E56DA2}" = rport=138 | protocol=17 | dir=out | app=system | "{D40E70FD-3C2A-4C88-B2D1-49BB1BBF25C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E87C1C3D-CA51-47C4-90D7-8D9728304EB8}" = lport=139 | protocol=6 | dir=in | app=system | "{F8A8ABFC-8E78-4D9A-8191-0DA15F3B63AE}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | "{FD7F534F-D3F4-4A47-985E-06336224E37E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05361404-9BFD-4BBD-B3CD-548A2375E345}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | "{0C3128E4-25B3-444C-B135-6D30EC0EF5C3}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | "{12CC60F5-703B-43FA-89D4-2638B8610162}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | "{19179815-7CDD-4220-B4C6-E5A7E1C9324C}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{1B448052-9705-49FE-AFDF-5C77CAA8C6E7}" = dir=in | app=c:\program files (x86)\avg\avgnsa.exe | "{2BFB8DCF-EB56-4B64-BF63-E5B3407F1A1E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | "{2C8C9E95-72A3-461D-8430-A83CB5852856}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2DDCA1ED-44F7-41DB-8E3C-04B2DD13F631}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2E60CBF1-96B5-40E2-9C9C-9586DF63CFCA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3D8E78BC-7AF2-4BFC-8892-1AA80B9C6BC9}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{4B2638D2-7F0D-4E0B-856D-655EB7EE9AAD}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | "{4D627B27-C4E4-4ABB-99BA-F1FD601A2BE1}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | "{52C9C7F7-D5C4-41E5-B571-BBFF22965221}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{562969CF-75C4-4077-B80C-08E7F216278F}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | "{5FE7EA8A-C05F-4E8F-AA8E-6355147E322E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6C62980F-B1A3-4A09-81E6-4D1A6C9DC91C}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{7292DFAE-3CC1-4C69-ACDD-8EA976E7C11F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{77CA87A7-B2A7-4FCC-A285-5636AA851694}" = dir=in | app=c:\program files (x86)\avg\avgupd.exe | "{85C97C29-1BF8-45DE-9531-F5B0510DB1AC}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | "{8698A262-B6BB-4B02-8F18-7544DFD02D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{87DEEB05-2956-43B9-99DC-581F54D080BC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | "{8D47EB1A-7467-41FA-BD83-3D26C72BA440}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | "{962E236D-813D-446F-9E80-E9B88032B5E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{ABDC74D4-6D56-4CC7-9DDE-04DFE544E159}" = dir=in | app=c:\program files (x86)\avg\avgemc.exe | "{AD2EDA96-750B-42D0-87DE-22DB65C73CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{C7C7FB71-C352-4D75-AE41-4E4131FF0F4B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C7EA68F0-6EEE-4D2E-8B6A-D5F6D7A3E29A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D34B75C8-0DE6-4E22-9158-0DBB8053B7F5}" = protocol=1 | dir=in | app=c:\program files\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{F9E994B7-109F-404B-823B-81A8B98BA19C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FA3D613E-453A-4564-B8F7-BCECAA0C9DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FD7A5FB5-A525-466D-B042-31BE7162E1E1}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | "TCP Query User{1BFA98DF-9C21-47A0-BDFF-E06028409A82}C:\program files (x86)\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vlc\vlc.exe | "TCP Query User{35928C0D-BA92-4CBC-B299-2723C74CD1E9}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{870E7271-72EE-4F19-9ED0-292474B6AF11}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{9D810BB0-80FB-4ED0-A63F-6E44C6B0B917}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{388F7A5C-D60C-4D6A-B8D9-C1318D4EE30D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{58FC4056-64FD-4F39-AE92-62C3E15B41BB}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{8E679015-1786-4F48-BF83-3F6C7F82D8E1}C:\program files (x86)\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{4E863B34-E4A3-40E0-B6F1-35CF372A3CFF}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client 
Profile "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Linksys Wireless Manager" = Linksys Wireless Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "x64 Components_is1" = x64 Components v2.0.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{0F443565-E0FB-4950-9EBD-84C745AD4858}" = StarMoney 7.0 S-Edition "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer "{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B8148F2-5315-42FD-9075-535AD6F6361C}" = StarMoney 8.0 S-Edition "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney "{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney 
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AmoK DVD Shrinker" = AmoK DVD Shrinker 1.3 "AVG9Uninstall" = AVG Free SB 9.0 "AVMWLANCLI" = AVM FRITZ!WLAN "Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1 "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "ElsterFormular 11.4.1.4323" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60 "Foxit Reader" = Foxit Reader "ImgBurn" = ImgBurn "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.0 "XnView_is1" = XnView 1.96.1 "Xvid_is1" = Xvid 1.2.2 final uninstall ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.03.2011 04:14:36 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 15.03.2011 05:53:06 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 15.03.2011 14:34:18 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 16.03.2011 14:37:11 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 
Description = Error - 17.03.2011 15:52:01 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 18.03.2011 08:21:09 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 21.03.2011 05:11:52 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 22.03.2011 12:37:16 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 23.03.2011 15:18:05 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = Error - 24.03.2011 07:41:53 | Computer Name = BlackBox | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 07.02.2012 12:24:40 | Computer Name = BlackBox | Source = DCOM | ID = 10005 Description = Error - 07.02.2012 12:24:48 | Computer Name = BlackBox | Source = DCOM | ID = 10005 Description = Error - 07.02.2012 12:25:14 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001 Description = Error - 07.02.2012 12:25:14 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7026 Description = Error - 08.02.2012 12:43:17 | Computer Name = BlackBox | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 08.02.2012 12:43:24 | Computer Name = BlackBox | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. 
Error - 08.02.2012 12:44:05 | Computer Name = BlackBox | Source = DCOM | ID = 10005 Description = Error - 08.02.2012 12:44:15 | Computer Name = BlackBox | Source = DCOM | ID = 10005 Description = Error - 08.02.2012 12:44:33 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001 Description = Error - 08.02.2012 12:44:33 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7026 Description = [ TuneUp Events ] Error - 20.12.2009 13:52:16 | Computer Name = BlackBox | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 21.12.2009 05:12:19 | Computer Name = BlackBox | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report >
Edited by H.er (08.02.2012 at 20:25) |